diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml index 3eaf779dd6..3482b7936f 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml @@ -38,7 +38,7 @@ rules: - patch - update - apiGroups: - - '' + - "" resources: - events verbs: @@ -48,7 +48,7 @@ rules: - patch - watch - apiGroups: - - '' + - "" resources: - secrets - configmaps @@ -56,12 +56,22 @@ rules: - get - list - watch + # argocd-applicationset-controller leader election rules + # Create with resourceNames fails, so use a separate rule for the lease creation - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + # Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go` + - 58ac56fa.applicationsets.argoproj.io verbs: - get - - list - - watch + - update + - create diff --git a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml index b550e36f9a..cbfc38c30c 100644 --- a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml +++ b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml @@ -1,90 +1,77 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: argocd-applicationset-controller labels: app.kubernetes.io/name: argocd-applicationset-controller app.kubernetes.io/part-of: argocd app.kubernetes.io/component: applicationset-controller - name: argocd-applicationset-controller rules: -- apiGroups: - - argoproj.io - resources: - - applications - - applicationsets - - applicationsets/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update -- apiGroups: - - argoproj.io - resources: - - appprojects - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + # argocd-applicationset-controller leader election rules + # Create with resourceNames fails, so use a separate rule for the lease creation + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + # Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go` + - 58ac56fa.applicationsets.argoproj.io + verbs: + - get + - update + - create diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml index c3700d745c..328266462a 100644 --- a/manifests/core-install-with-hydrator.yaml +++ b/manifests/core-install-with-hydrator.yaml @@ -24148,14 +24148,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 366fd4e58e..acf854d85a 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -24139,14 +24139,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml index 701740fad5..107f764afb 100644 --- a/manifests/ha/install-with-hydrator.yaml +++ b/manifests/ha/install-with-hydrator.yaml @@ -24186,14 +24186,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -24392,14 +24399,6 @@ rules: - patch - update - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update - apiGroups: - argoproj.io resources: @@ -24408,6 +24407,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update - apiGroups: - "" resources: @@ -24418,31 +24425,11 @@ rules: - list - patch - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete - - get - - list - - patch - - watch - apiGroups: - "" resources: - secrets - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments + - configmaps verbs: - get - list @@ -24453,12 +24440,16 @@ rules: - leases verbs: - create - - delete +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases + verbs: - get - - list - - patch - update - - watch + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index ae03549511..38afa01577 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -24177,14 +24177,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -24383,14 +24390,6 @@ rules: - patch - update - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update - apiGroups: - argoproj.io resources: @@ -24399,6 +24398,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update - apiGroups: - "" resources: @@ -24409,31 +24416,11 @@ rules: - list - patch - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete - - get - - list - - patch - - watch - apiGroups: - "" resources: - secrets - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments + - configmaps verbs: - get - list @@ -24444,12 +24431,16 @@ rules: - leases verbs: - create - - delete +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases + verbs: - get - - list - - patch - update - - watch + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml index 4b1ff368b5..89c7710a61 100644 --- a/manifests/ha/namespace-install-with-hydrator.yaml +++ b/manifests/ha/namespace-install-with-hydrator.yaml @@ -189,14 +189,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 98f5140279..3164b9a5c0 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -180,14 +180,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml index f502313332..71964208f0 100644 --- a/manifests/install-with-hydrator.yaml +++ b/manifests/install-with-hydrator.yaml @@ -24175,14 +24175,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -24359,14 +24366,6 @@ rules: - patch - update - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update - apiGroups: - argoproj.io resources: @@ -24375,6 +24374,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update - apiGroups: - "" resources: @@ -24385,31 +24392,11 @@ rules: - list - patch - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete - - get - - list - - patch - - watch - apiGroups: - "" resources: - secrets - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments + - configmaps verbs: - get - list @@ -24420,12 +24407,16 @@ rules: - leases verbs: - create - - delete +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases + verbs: - get - - list - - patch - update - - watch + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/manifests/install.yaml b/manifests/install.yaml index 9fdce34bb0..fff5e553b1 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -24166,14 +24166,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -24350,14 +24357,6 @@ rules: - patch - update - watch -- apiGroups: - - argoproj.io - resources: - - applicationsets/status - verbs: - - get - - patch - - update - apiGroups: - argoproj.io resources: @@ -24366,6 +24365,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update - apiGroups: - "" resources: @@ -24376,31 +24383,11 @@ rules: - list - patch - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete - - get - - list - - patch - - watch - apiGroups: - "" resources: - secrets - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments + - configmaps verbs: - get - list @@ -24411,12 +24398,16 @@ rules: - leases verbs: - create - - delete +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases + verbs: - get - - list - - patch - update - - watch + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml index 36594ff9b4..4dc3d08065 100644 --- a/manifests/namespace-install-with-hydrator.yaml +++ b/manifests/namespace-install-with-hydrator.yaml @@ -178,14 +178,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 492f2e080f..98a55ddb23 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -169,14 +169,21 @@ rules: - list - watch - apiGroups: - - apps - - extensions + - coordination.k8s.io resources: - - deployments + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - 58ac56fa.applicationsets.argoproj.io + resources: + - leases verbs: - get - - list - - watch + - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role