fix(argo-applicationset): Fix leader election rbac (#674)

* fix(argo-applicationset): Fix leader election rbac
* fix(argo-applicationset): Add tests
* Use defaults volume mount flags

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

charts/argo-applicationset/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-applicationset
 description: A Helm chart for installing ArgoCD ApplicationSet
 type: application
-version: 0.1.1
+version: 0.1.2
 appVersion: "v0.1.0"
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png

charts/argo-applicationset/README.md

@@ -27,6 +27,17 @@ NAME: my-release
 
 Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
 
+### Testing
+
+Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing).
+
+```console
+kind create cluster
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+ct install --namespace argocd
+```
+
 ## Values
 
 | Key | Type | Default | Description |

charts/argo-applicationset/ci/default-values.yaml

@@ -0,0 +1,77 @@
+# Default values for argo-applicationset.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+installCRDs: false # this needs to be false with ct
+
+image:
+  # The image repository
+  repository: quay.io/argocdapplicationset/argocd-applicationset
+  # Image pull policy
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+args:
+  metricsAddr: :8080
+  probeBindAddr: :8081
+  enableLeaderElection: false
+  namespace: argocd
+  argocdRepoServer: argocd-repo-server:8081
+  policy: sync
+  debug: false
+  dryRun: false
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+rbac:
+  pspEnabled: true
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mountSSHKnownHostsVolume: true
+mountTLSCertsVolume: true
+mountGPGKeysVolume: false
+mountGPGKeyringVolume: true

charts/argo-applicationset/ci/leader-election-values.yaml

@@ -0,0 +1,6 @@
+args:
+  enableLeaderElection: true
+
+replicaCount: 3
+
+installCRDs: false

charts/argo-applicationset/templates/rbac.yaml

@@ -44,11 +44,22 @@ rules:
     - ""
     resources:
     - secrets
-    - configmaps
     verbs:
     - get
     - list
     - watch
+  - apiGroups:
+    - ""
+    resources:
+    - configmaps
+    verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
   - apiGroups:
     - apps
     - extensions
@@ -58,6 +69,18 @@ rules:
     - get
     - list
     - watch
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding