feat(argo-cd): add custom roleRules support for application-controller

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v3.1.6
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 8.5.2
+version: 8.5.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bump argo-cd to v3.1.6
+    - kind: added
+      description: Add custom roleRules support for application-controller Role resource

charts/argo-cd/README.md

@@ -941,6 +941,8 @@ NAME: my-release
 | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
 | controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
 | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
+| controller.roleRules.enabled | bool | `false` | Enable custom rules for the application controller's Role resource |
+| controller.roleRules.rules | list | `[]` | List of custom rules for the application controller's Role resource |
 | controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |

charts/argo-cd/templates/argocd-application-controller/role.yaml

@@ -6,6 +6,9 @@ metadata:
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
+{{- if .Values.controller.roleRules.enabled }}
+  {{- toYaml .Values.controller.roleRules.rules | nindent 2 }}
+{{- else }}
 - apiGroups:
   - ""
   resources:
@@ -58,3 +61,4 @@ rules:
   - create
   - update
 {{- end }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -1140,6 +1140,14 @@ controller:
     # -- List of custom rules for the application controller's ClusterRole resource
     rules: []
 
+  ## Enable this and set the rules: to whatever custom rules you want for the Role resource.
+  ## Defaults to off
+  roleRules:
+    # -- Enable custom rules for the application controller's Role resource
+    enabled: false
+    # -- List of custom rules for the application controller's Role resource
+    rules: []
+
   # Default application controller's network policy
   networkPolicy:
     # -- Default network policy rules used by application controller