Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(argo-cd): conditional namespace support to ClusterRoleBinding #2934

Closed
wants to merge 11 commits into from
Closed

feat(argo-cd): conditional namespace support to ClusterRoleBinding #2934

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
066f3fc
feat: conditional namespace support to ClusterRoleBinding
leehosu Sep 22, 2024
7b9deb0
Compliance with pr rules
leehosu Sep 22, 2024
54cf342
feat: support multiple namespaces in ClusterRoleBinding using comma-s…
leehosu Sep 23, 2024
e36aab0
chore: clear namespaces field by setting to an empty string
leehosu Sep 23, 2024
f4c808f
Merge branch 'main' into feat/config-applicationsetcontroller-namespaces
leehosu Sep 23, 2024
21e9465
Conflict Resolution
leehosu Sep 24, 2024
4b5e530
Conflict Resolution
leehosu Sep 24, 2024
9f0a20d
Update charts/argo-cd/values.yaml
leehosu Sep 24, 2024
a45d241
Refactor Helm template to properly handle ApplicationSet namespaces s…
leehosu Sep 24, 2024
3dd5dc5
clear namespaces field by setting to an empty string
leehosu Sep 24, 2024
d7058ec
Update README to reflect correct description for applicationsetcontro…
leehosu Sep 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions charts/argo-cd/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ appVersion: v2.12.3
kubeVersion: ">=1.25.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 7.6.2
version: 7.6.3
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
Expand All @@ -26,5 +26,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: |
- kind: fixed
description: Remove namespace field from cluster scoped resources
- kind: added
description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller.
1 change: 1 addition & 0 deletions charts/argo-cd/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -742,6 +742,7 @@ NAME: my-release
| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) |
| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
Expand Down
8 changes: 8 additions & 0 deletions charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,12 @@ subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ include "argo-cd.namespace" . }}
{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though I was distracted about the logic itself, the original issue ( #2919 ) is about argocd-applicationset-controller sa, not argocd-application-controllersa.
Are you sure that here is the right place to add code?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh. I was mistaken. I'll close the PR, and I'll work on the argocd-applicationset-controller with the same logic and post the PR again. Thanks for the attention.

{{- range $namespace := (split "," $namespaces) }}
{{- if $namespaces }}
- kind: ServiceAccount
name: {{ include "argo-cd.controller.serviceAccountName" $ }}
namespace: {{ $namespace | trim | quote }}
{{- end }}
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions charts/argo-cd/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,9 @@ configs:
# -- Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: false

# -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`)
applicationsetcontroller.namespaces: ""

# -- Enables [Applications in any namespace]
## List of additional namespaces where applications may be created in and reconciled from.
## The namespace where Argo CD is installed to will always be allowed.
Expand Down