fix(appset): add applicationset leader election to roles and clean up (#14369) (#23976)

Signed-off-by: Manuelraa <kontakt@manuel-rapp.de>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Co-authored-by: Manuelraa <kontakt@manuel-rapp.de>
This commit is contained in:
rumstead 2025-07-29 11:38:53 -04:00 committed by GitHub
parent 998253aa41
commit 31e0f428e8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 274 additions and 271 deletions

View file

@ -38,7 +38,7 @@ rules:
- patch
- update
- apiGroups:
- ''
- ""
resources:
- events
verbs:
@ -48,7 +48,7 @@ rules:
- patch
- watch
- apiGroups:
- ''
- ""
resources:
- secrets
- configmaps
@ -56,12 +56,22 @@ rules:
- get
- list
- watch
# argocd-applicationset-controller leader election rules
# Create with resourceNames fails, so use a separate rule for the lease creation
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
# Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go`
- 58ac56fa.applicationsets.argoproj.io
verbs:
- get
- list
- watch
- update
- create

View file

@ -1,90 +1,77 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argocd-applicationset-controller
labels:
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: applicationset-controller
name: argocd-applicationset-controller
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
# argocd-applicationset-controller leader election rules
# Create with resourceNames fails, so use a separate rule for the lease creation
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
# Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go`
- 58ac56fa.applicationsets.argoproj.io
verbs:
- get
- update
- create

View file

@ -24148,14 +24148,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View file

@ -24139,14 +24139,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View file

@ -24186,14 +24186,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -24392,14 +24399,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
@ -24408,6 +24407,14 @@ rules:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
@ -24418,31 +24425,11 @@ rules:
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- configmaps
verbs:
- get
- list
@ -24453,12 +24440,16 @@ rules:
- leases
verbs:
- create
- delete
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- patch
- update
- watch
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

View file

@ -24177,14 +24177,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -24383,14 +24390,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
@ -24399,6 +24398,14 @@ rules:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
@ -24409,31 +24416,11 @@ rules:
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- configmaps
verbs:
- get
- list
@ -24444,12 +24431,16 @@ rules:
- leases
verbs:
- create
- delete
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- patch
- update
- watch
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

View file

@ -189,14 +189,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View file

@ -180,14 +180,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View file

@ -24175,14 +24175,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -24359,14 +24366,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
@ -24375,6 +24374,14 @@ rules:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
@ -24385,31 +24392,11 @@ rules:
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- configmaps
verbs:
- get
- list
@ -24420,12 +24407,16 @@ rules:
- leases
verbs:
- create
- delete
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- patch
- update
- watch
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

67
manifests/install.yaml generated
View file

@ -24166,14 +24166,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -24350,14 +24357,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
@ -24366,6 +24365,14 @@ rules:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
@ -24376,31 +24383,11 @@ rules:
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- configmaps
verbs:
- get
- list
@ -24411,12 +24398,16 @@ rules:
- leases
verbs:
- create
- delete
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- patch
- update
- watch
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

View file

@ -178,14 +178,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role

View file

@ -169,14 +169,21 @@ rules:
- list
- watch
- apiGroups:
- apps
- extensions
- coordination.k8s.io
resources:
- deployments
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role