argo-helm
argo-helm copied to clipboard
argoproj
Argo Rollouts: Missing permissions on clusterInstall=false
Describe the bug
When using clusterInstall=false, The Role created in the argo-rollouts namespace is missing the following permissions:
- apiGroups:
- networking.istio.io resources:
- virtualservices
- destinationrules verbs:
- watch
- get
- update
- patch
- list
- apiGroups:
- coordination.k8s.io resources:
- leases verbs:
- create
- get
- update
Can see the missing permissions in role.yaml compared to clusterRole
Secondly:
When using dashboard.enabled=true in namespace only mode, no roles or rolebindings are created for the argo-rollouts-dashboard service account. Note, only CR/CRB are defined here
Related helm chart
argo-rollouts
Helm chart version
2.18.0
To Reproduce
helm template argo-rollouts argo/argo-rollouts --include-crds --version=2.18.0 -f components/helm/values.yaml -n argo-rollouts
with values.yaml: "clusterInstall": false with values.yaml: dashboard.enabled=true
Expected behaviour
The argo-rollouts role should have the aforementioned permissions The argo-rollouts-dashboard SA should have some Role and Rolebinding with permissions to create the dashboard in namespaced mode.
Screenshots
Additional context
No response
Note: DEPLOYMENT permissions are also missing from here https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/templates/controller/role.yaml
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi Team The bug with missing permission still exist. Is there any chance to have it fixed?
BR Mario
