feat(argo-rollouts): flag to disable clusterrole/clusterrolebinding creation (#1388)

* feat(argo-rollouts): Add flag to optionally disable the creation of cluster roles (even when running in cluster mode) Signed-off-by: Joshua Helton <jdoghelton@gmail.com> * fix README.md with helm-docs.sh Signed-off-by: Joshua Helton <jdoghelton@gmail.com> Signed-off-by: Joshua Helton <jdoghelton@gmail.com> Co-authored-by: JM <jmeridth@gmail.com>
2022-08-22 22:43:13 -04:00 · 2022-08-22 22:43:13 -04:00 · b029a6dde3
parent 2125c7ac71
commit b029a6dde3
8 changed files with 21 additions and 8 deletions
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "v1.2.0"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.18.0
+version: 2.19.0
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
@ -11,4 +11,4 @@ maintainers:
  - name: jessesuen
 annotations:
  artifacthub.io/changes: |
-    - "[Added]: Additional manifests to deploy within the chart"
+    - "[Added]: flags to disable the creation of ClusterRoles/ClusterRoleBindings when run in cluster mode "
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -42,6 +42,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart |
 | clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) |
 | crdAnnotations | object | `{}` | Annotations to be added to all CRDs |
+| createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) |
 | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. |
 | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
@ -62,6 +63,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | containerSecurityContext | object | `{}` | Security Context to set on container level |
 | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
+| controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) |
 | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller.  A list of flags. |
 | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. |
 | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. |
@ -100,6 +102,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | dashboard.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` |
 | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level |
+| dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) |
 | dashboard.enabled | bool | `false` | Deploy dashboard server |
 | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. |
 | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. |
@ -172,4 +175,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
 [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
-[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.18.0/charts/argo-rollouts/values.yaml
+[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.19.0/charts/argo-rollouts/values.yaml
--- a/charts/argo-rollouts/templates/aggregate-roles.yaml
+++ b/charts/argo-rollouts/templates/aggregate-roles.yaml
@ -1,4 +1,4 @@
-{{- if .Values.clusterInstall }}
+{{- if and .Values.clusterInstall .Values.createClusterAggregateRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-rollouts/templates/controller/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml
@ -1,4 +1,4 @@
-{{- if .Values.clusterInstall }}
+{{- if and .Values.clusterInstall .Values.controller.createClusterRole }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml
@ -1,4 +1,4 @@
-{{- if .Values.clusterInstall }}
+{{- if and .Values.clusterInstall .Values.controller.createClusterRole }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.dashboard.enabled .Values.clusterInstall }}
+{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml
+++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.dashboard.enabled .Values.clusterInstall }}
+{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/charts/argo-rollouts/values.yaml
+++ b/charts/argo-rollouts/values.yaml
@ -6,6 +6,9 @@ keepCRDs: true
 # -- `false` runs controller in namespaced mode (does not require cluster RBAC)
 clusterInstall: true

+# -- flag to enable creation of cluster aggregate roles (requires cluster RBAC)
+createClusterAggregateRoles: true
+
 # -- String to partially override "argo-rollouts.fullname" template
 nameOverride:

@ -80,6 +83,9 @@ controller:
  #    cpu: 50m
  #    memory: 64Mi

+  # -- flag to enable creation of cluster controller role (requires cluster RBAC)
+  createClusterRole: true
+
  metrics:
    # -- Deploy metrics service
    enabled: false
@ -181,6 +187,10 @@ dashboard:
  affinity: {}
  # -- [priorityClassName] for the dashboard server
  priorityClassName: ""
+
+  # -- flag to enable creation of dashbord cluster role (requires cluster RBAC)
+  createClusterRole: true
+
  # -- The number of dashboard pods to run
  replicas: 1
  image: