argoproj
/
argo-helm
mirror of https://github.com/argoproj/argo-helm.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

chore(argo-cd): Disable argocd-repo-server cluster role by default (#2498) 

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
pull/2508/head argo-cd-6.0.12
Petr Drastil 2024-02-13 16:26:29 +01:00 committed by GitHub
parent 6c47b2a69b
commit c0b7a7e074
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
charts/argo-cd/Chart.yaml
View File

@ -3,7 +3,7 @@ appVersion: v2.10.0
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 6.0.11
version: 6.0.12
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@ -26,5 +26,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Use `with` instead of `range` on reposerver serviceaccount
- kind: security
description: Argo CD repo-server cluster role is not deployed by default

6
charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }}
{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -6,8 +6,8 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.clusterRoleRules.enabled }}
{{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
{{- with .Values.repoServer.clusterRoleRules.rules }}
{{- toYaml . | nindent 2 }}
{{- else }}
- apiGroups:
- '*'

2
charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }}
{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: