From d46b3049ae6cd88d4a23cdb7de6fb28041ea4c8e Mon Sep 17 00:00:00 2001 From: mugioka Date: Mon, 25 Dec 2023 17:24:20 +0900 Subject: [PATCH 1/3] chore(argo-cd): support ApplicationSet in any namespace. Signed-off-by: mugioka --- charts/argo-cd/Chart.yaml | 2 +- .../argocd-applicationset/clusterrole.yaml | 89 +++++++++++++++++++ .../clusterrolebinding.yaml | 17 ++++ 3 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 22f637bd8..6a47e29c0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.2 + description: Support ApplicationSet in any namespace. diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 000000000..8eecf472e --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,89 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 000000000..952b6ae6f --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} From 1c173f43fe46c8e7e29d86b1d8d3ce139ff48e79 Mon Sep 17 00:00:00 2001 From: mugioka Date: Tue, 30 Jan 2024 15:49:45 +0900 Subject: [PATCH 2/3] chore: apply feedback by maintainer. Signed-off-by: mugioka --- charts/argo-cd/Chart.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/clusterrole.yaml | 2 +- .../templates/argocd-applicationset/clusterrolebinding.yaml | 4 ++-- charts/argo-cd/values.yaml | 3 ++- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6a47e29c0..680b5d04e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.5.1 +version: 6.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 8eecf472e..6ac4c1e70 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if .Values.applicationSet.allowAnyNamespace }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 952b6ae6f..152b31f41 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if .Values.applicationSet.allowAnyNamespace }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -12,6 +12,6 @@ roleRef: name: {{ template "argo-cd.applicationSet.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 68581a3ce..42b441832 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2928,7 +2928,8 @@ applicationSet: # - secretName: argocd-applicationset-tls # hosts: # - argocd-applicationset.example.com - + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false ## Notifications controller notifications: # -- Enable notifications controller From 1de724a4b5c520b8e88ee63800b8d85a2a8bb1cc Mon Sep 17 00:00:00 2001 From: mugioka Date: Sat, 2 Mar 2024 14:58:21 +0900 Subject: [PATCH 3/3] fix: docs is not generated. Signed-off-by: mugioka --- charts/argo-cd/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d1c952065..eab256f73 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1302,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |