From ba2b0493994a4cd67f64686dfe405a65a55cd1a1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 30 Oct 2024 19:40:18 +0900 Subject: [PATCH] feat(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 (#2992) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * feat(argocd-image-updater): update as following upstream Signed-off-by: yu-croco * fix(argocd-image-updater): add permission when createClusterRoles is false Signed-off-by: yu-croco --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: yu-croco Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +-- charts/argocd-image-updater/README.md | 1 + .../argocd-image-updater/templates/rbac.yaml | 51 ++++++++++++++++--- charts/argocd-image-updater/values.yaml | 5 ++ 4 files changed, 52 insertions(+), 11 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index c358515f7..df988cd00 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.0 -appVersion: v0.14.0 +version: 0.11.1 +appVersion: v0.15.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.14.0 + description: Bump argocd-image-updater to v0.15.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5e51a8cd5..7a35b881f 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 50d75876e..0f6311080 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -17,6 +17,47 @@ rules: - get - list - watch + {{- if not .Values.createClusterRoles }} + - apiGroups: + - "" + resources: + - events + verbs: + - create + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create - apiGroups: - argoproj.io resources: @@ -26,15 +67,9 @@ rules: - list - update - patch - - apiGroups: - - "" - resources: - - events - verbs: - - create --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} @@ -42,7 +77,7 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: {{ include "argocd-image-updater.fullname" . }} subjects: - kind: ServiceAccount diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 19291de93..4825833ea 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -20,6 +20,11 @@ fullnameOverride: "" # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override namespaceOverride: "" +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry extraArgs: []