argo-helm
argo-helm copied to clipboard
Argo Rollouts: Missing permissions on clusterInstall=false
Describe the bug
When using clusterInstall=false, The Role created in the argo-rollouts namespace is missing the following permissions:
- apiGroups:
- networking.istio.io resources:
- virtualservices
- destinationrules verbs:
- watch
- get
- update
- patch
- list
- apiGroups:
- coordination.k8s.io resources:
- leases verbs:
- create
- get
- update
Can see the missing permissions in role.yaml compared to clusterRole
Secondly:
When using dashboard.enabled=true in namespace only mode, no roles or rolebindings are created for the argo-rollouts-dashboard service account. Note, only CR/CRB are defined here
Related helm chart
argo-rollouts
Helm chart version
2.18.0
To Reproduce
helm template argo-rollouts argo/argo-rollouts --include-crds --version=2.18.0 -f components/helm/values.yaml -n argo-rollouts
with values.yaml: "clusterInstall": false with values.yaml: dashboard.enabled=true
Expected behaviour
The argo-rollouts role should have the aforementioned permissions The argo-rollouts-dashboard SA should have some Role and Rolebinding with permissions to create the dashboard in namespaced mode.
Screenshots
![Screen Shot 2022-08-01 at 2 35 59 pm](https://user-images.githubusercontent.com/86707578/182074537-d58a6682-6582-473d-ab4b-069424015c1b.png)
![Screen Shot 2022-08-01 at 4 18 25 pm](https://user-images.githubusercontent.com/86707578/182084400-f1ad6d29-a555-40c4-9a82-87f0c994bbab.png)
Additional context
No response
Note: DEPLOYMENT permissions are also missing from here https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/templates/controller/role.yaml
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi Team The bug with missing permission still exist. Is there any chance to have it fixed?
BR Mario