Running a cronjob triggers a permissions error for logging the event

[jsoref]

Checklist:

• I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
• I've included steps to reproduce the bug.
• I've pasted the output of argocd version.

Describe the bug

The instructions from #12925 didn't tell argoproj/argo-helm that they needed to grant events create to anyone who enables the create job feature.

It is possible to get argoproj/argo-helm to add the create events permission by enabling an unrelated feature (Applications in any namespace) argoproj/argo-helm@3f2654d, but this isn't an obvious knob to toggle.

To Reproduce

1. Install argocd 2.12 using argoproj/argo-helm
2. Have feat: Create job action (#12174 and #4116) #12925 enabled
3. Have a cron job
4. Click the ellipsis next to the cronjob
5. Use the Create Job option

Expected behavior

Screenshots

time="2024-10-15T18:06:34Z" level=error msg="Unable to create audit event: events is forbidden: User \"system:serviceaccount:argocd:argocd-server\" cannot create resource \"events\" in API group \"\" in the namespace \"...\"" name=... reason=ResourceActionRan type=Normal user=...

Version

{
    "Version": "v2.12.3+6b9cd82",
    "BuildDate": "2024-08-27T11:57:48Z",
    "GitCommit": "6b9cd828c6e9807398869ad5ac44efd2c28422d6",
    "GitTreeState": "clean",
    "GoVersion": "go1.22.4",
    "Compiler": "gc",
    "Platform": "linux/amd64",
    "KustomizeVersion": "v5.4.2 2024-05-22T15:19:38Z",
    "HelmVersion": "v3.15.2+g1a500d5",
    "KubectlVersion": "v0.29.6",
    "JsonnetVersion": "v0.20.0"
}

Logs

Paste any relevant application logs here.

[agaudreault]

Closing as this has been implemented in the helm chart. Further discussion points to not granting rbac by default to all possible actions. It is the responsibility of the argo users to deploy it with the permissions necessary.

argoproj/argo-helm#2974 (comment)