[bitnami/argo-cd] Argo-CD Cluster Roles to support multiple namespaces, Dynamic Cluster Distribution issue with controller.

[Jeremy-Boyle]

Name and Version

bitnami/argo-cd 6.4.8

What is the problem this feature will solve?

This will bring the bitnami helm chart for argo-cd to support multiple namespaces by providing cluster roles for services that need them and allow configuration from helm user.

What is the feature you are proposing to solve the problem?

Adding cluster roles for the following:

applicationSet:
  # Default value false
  clusterAdminAccess: false
  clusterRoleRules: []

notifications:
  # Default value false
  clusterAdminAccess: false
  clusterRoleRules: []

repoServer:
  # Default value false
  clusterAdminAccess: false
  clusterRoleRules: []

server:
  clusterAdminAccess: true
  clusterRoleRules: []

Upstream examples (Check Mark = PR work done):

• applicationset
• notifications
• repoServer
• server
  • This needs to be updated this currently has a cluster role, however there's no way to disable this access and given by default. Default is to give cluster admin access which should not be the case unless explicitly allowed.

Issues with Dynamic Cluster Distribution:

What:

When enabling Dynamic Cluster Distribution env on the controller it causes a issue with the application-set not being able to find the deployment name for the app-controller when multi-namespace is used

By default argo-cd looks for argocd-application-controller, this causes the applicationset to fail unless the provided env is set on the controller ARGOCD_APPLICATION_CONTROLLER_NAME

Changes:

Adding the ARGOCD_APPLICATION_CONTROLLER_NAME as a default env to be made providing the templated name to the controller in the templates here

Additionally fix:

PR:

• [bitnami/argo-cd] ArgoCD repo-server NetworkPolicy uses ApplicationSet values #27108

Documentaion for setting up any-namespace

New documentation in read-me for setting up any-namespace configurtation, just explaining what values to set to allow this. Links to upstream will be provided in this documentation.

Upstream documentation:

• Applications in any namespace
• ApplicationSet in any namespace
• Notification in any namespace
• Reconfigure Argo CD to allow certain namespaces
• Dynamic Cluster Distribution

What alternatives have you considered?

Work arounds

Using extraDeploy to provide the cluster roles and bindings in the values file, and controller.extraEnvVars

# This requires makes for a unessaryly long values file
# Also, requires you know the templated service account name for each service inside the cluster rolebinding
extraDeploy:
- CLUSTER-ROLE-FOR-applicationset
- CLUSTER-ROLEBINDING-FOR-applicationset
- CLUSTER-ROLE-FOR-notifications
- CLUSTER-ROLEBINDING-FOR-notifications
- CLUSTER-ROLE-FOR-repoServer
- CLUSTER-ROLEBINDING-FOR-repoServer
- CLUSTER-ROLE-FOR-server
- CLUSTER-ROLEBINDING-FOR-server

controller:
  extraEnvVars:
  - name: ARGOCD_APPLICATION_CONTROLLER_NAME
    value: MANUALLY-SETTING-NAME-OF-TEMPLATED-DEPLOYMENT-NAME
    

[javsalgar]

Hi!

Thank you so much for the PR! The team will take a look