From beaef0f10a666ed2318e2937226e0b0b0cdd45ec Mon Sep 17 00:00:00 2001 From: fsero Date: Thu, 6 Jul 2023 16:20:38 +0200 Subject: [PATCH] feat(argocd-apps): Add permitOnlyProjectScopedClustersFlag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Context This flag was added in this PR https://github.com/argoproj/argo-cd/pull/10237/files but is not possible to set it using the argocd-apps chart. # What it does this PR - It adds this flag as a value of the chart for projects in argocd-apps # Proof ``` echo "projects: (⎈ |kind-hnc:hnc-system) - name: orka-extensibility namespace: cre-system description: orka-extensibility clusterResourceWhitelist: - group: '*' kind: '*' destinations: - namespace: '*' server: '*' orphanedResources: warn: true sourceRepos: - '*' roles: # A role which provides read-only access to all applications in the project - name: read-only description: Read-only privileges to orka-extensibility policies: - p, proj:orka-extensibility:read-only, applications, get, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applicationsets, get, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applications, sync, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applicationsets, sync, orka-extensibility/*, allow groups: - OrkA Team " > values-test.yaml helm template . -f values-test.yaml --- apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: orka-extensibility namespace: cre-system spec: permitOnlyProjectScopedClusters: false description: orka-extensibility sourceRepos: - '*' destinations: - namespace: '*' server: '*' clusterResourceWhitelist: - group: '*' kind: '*' orphanedResources: warn: true roles: - description: Read-only privileges to orka-extensibility groups: - OrkA Team name: read-only policies: - p, proj:orka-extensibility:read-only, applications, get, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applicationsets, get, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applications, sync, orka-extensibility/*, allow - p, proj:orka-extensibility:read-only, applicationsets, sync, orka-extensibility/*, allow ``` Change-Id: Ieddca7af228cbe0c4657fc907d078875daaa3eef Signed-off-by: fsero --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/templates/projects.yaml | 1 + charts/argocd-apps/values.yaml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index fc733b22f..8eeb0888c 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.2.0 +version: 1.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Rollout strategy for ApplicationSet + description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f747d1b61..7cbd4e803 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -22,6 +22,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + permitOnlyProjectScopedClusters: {{ .permitOnlyProjectScopedClusters | default false }} description: {{ .description }} {{- with .sourceRepos }} sourceRepos: diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 500849df7..0c329dfe3 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -48,6 +48,7 @@ projects: [] # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false # finalizers: # - resources-finalizer.argocd.argoproj.io # description: Example Project