feat(argo-cd): enabled server cluster role permissions overriding (#2606)

2024-04-02 07:03:37 +02:00 · 2024-04-02 07:03:37 +02:00 · 30fd5202b0
parent 7b87ff19e5
commit 30fd5202b0
4 changed files with 17 additions and 3 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v2.10.5
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.7.6
+version: 6.7.7
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -26,5 +26,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: fixed
+    - kind: added
-      description: added missing crd change for 2.10.5
+      description: Support for Overriding Argo CD Server ClusterRole Permissions
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -928,6 +928,8 @@ NAME: my-release
 | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
 | server.certificateSecret.key | string | `""` | Private Key of the certificate |
 | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
 | server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource |
 | server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource |
 | server.containerPorts.metrics | int | `8083` | Metrics container port |
 | server.containerPorts.server | int | `8080` | Server container port |
 | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@ -6,6 +6,9 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 rules:
  {{- if .Values.server.clusterRoleRules.enabled }}
    {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
  - apiGroups:
      - '*'
    resources:
@ -73,4 +76,5 @@ rules:
    verbs:
      {{/* supports triggering workflows from UI */}}
      - create
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -2194,6 +2194,14 @@ server:
    # -- Termination policy of Openshift Route
    termination_policy: None
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
  clusterRoleRules:
    # -- Enable custom rules for the server's ClusterRole resource
    enabled: false
    # -- List of custom rules for the server's ClusterRole resource
    rules: []
 ## Repo Server
 repoServer:
  # -- Repo server name