From 7cb42bbf4a8fad71cd2195b6f7f06a83ffae450b Mon Sep 17 00:00:00 2001 From: Nick Heijmink Date: Fri, 24 Jan 2025 15:06:51 +0100 Subject: [PATCH 1/4] Add an extra feature toggle to the argocd configmap that allows sync impersonation Signed-off-by: Nick Heijmink --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/values.yaml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05c614ffc..d7c855877 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.17 +version: 7.7.18 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Address ingress regression of PR #3081, use toString before tpl function + - kind: added + description: Add feature toggle to ArgoCD configmap allowing sync impersonation diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c5dcf1504..055dfcec2 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -175,6 +175,10 @@ configs: # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: "false" + # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false From bbbdf6fe3274b5ff20593711d7bf2690d1bcd337 Mon Sep 17 00:00:00 2001 From: Nick Heijmink Date: Fri, 24 Jan 2025 16:21:54 +0100 Subject: [PATCH 2/4] update documentation Signed-off-by: Nick Heijmink --- charts/argo-cd/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2b223a6fb..bea7e12d8 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -726,6 +726,7 @@ NAME: my-release | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | string | `"false"` | Enable control of the service account used for the sync operation | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | From 53146257ca0b8b2a0c489929f33d03b30a1368a4 Mon Sep 17 00:00:00 2001 From: Nick Heijmink <75807895+Nheijmink19@users.noreply.github.com> Date: Mon, 27 Jan 2025 10:38:56 +0100 Subject: [PATCH 3/4] Add alpha label to comment of sa sync impersonation Co-authored-by: Aikawa Signed-off-by: Nick Heijmink <75807895+Nheijmink19@users.noreply.github.com> --- charts/argo-cd/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 055dfcec2..fe57ac246 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -175,7 +175,7 @@ configs: # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance - # -- Enable control of the service account used for the sync operation + # -- Enable control of the service account used for the sync operation (alpha) ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ application.sync.impersonation.enabled: "false" From c9c440bb76e569c7fd8343a4c0cbdadced6c704e Mon Sep 17 00:00:00 2001 From: Nick Heijmink Date: Mon, 27 Jan 2025 10:45:02 +0100 Subject: [PATCH 4/4] Fix the docs Signed-off-by: Nick Heijmink --- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bea7e12d8..04d8f1ad2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -726,7 +726,7 @@ NAME: my-release | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | -| configs.cm."application.sync.impersonation.enabled" | string | `"false"` | Enable control of the service account used for the sync operation | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fe57ac246..b802d1ead 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -177,7 +177,7 @@ configs: # -- Enable control of the service account used for the sync operation (alpha) ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ - application.sync.impersonation.enabled: "false" + application.sync.impersonation.enabled: false # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement