add parsing of the new single namespace var to cm and env var

Author: philipkotliyakov

charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml

@@ -10,4 +10,6 @@
   {{ include "cap-app-proxy.resources.service" . }}
 ---
   {{ include "cap-app-proxy.resources.sa" .}}
+---
+  {{ include "argo-cd.namespaced-rbac.all" . }}
 {{- end }}

charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml

@@ -11,6 +11,7 @@ env: {{ .Values.config.env | quote}}
 isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }}
 isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }}
 runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}}
+runtimeSingleNamespace: {{ .Values.app-proxy.singleNamespace | quote }}
 skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
 logLevel: {{ .Values.config.logLevel | quote }}
   {{- $enrichmentValues := get .Values "image-enrichment" }}

charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml

@@ -0,0 +1,3 @@
+{{- include "argo-cd.namespaced-rbac.role" . }}
+---
+{{- include "argo-cd.namespaced-rbac.rolebinding" . }} 

charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.app-proxy.singleNamespace }}
+{{- define "argo-cd.namespaced-rbac.role" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argocd-namespaced-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }}
+    codefresh.io/component: argocd-namespaced-rbac
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "configmaps", "secrets", "serviceaccounts"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["batch"]
+  resources: ["jobs", "cronjobs"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses", "networkpolicies"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["roles", "rolebindings"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+{{- end }}
+{{- end }} 

charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.app-proxy.singleNamespace }}
+{{- define "argo-cd.namespaced-rbac.rolebinding" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argocd-namespaced-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }}
+    codefresh.io/component: argocd-namespaced-rbac
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-namespaced-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }} 

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml

@@ -109,6 +109,12 @@ RUNTIME_NAME:
     configMapKeyRef:
       name: cap-app-proxy-cm
       key: runtimeName
+RUNTIME_SINGLE_NAMESPACE:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: runtimeSingleNamespace
+      optional: true
 RUNTIME_TOKEN:
   valueFrom:
     secretKeyRef:
@@ -210,6 +216,7 @@ IRW_JIRA_ENRICHMENT_TASK_IMAGE:
       name: cap-app-proxy-cm
       key: enrichmentJiraEnrichmentImage
       optional: true
+
 NODE_EXTRA_CA_CERTS: /app/config/all/all.cer
 {{- if gt (int .Values.replicaCount) 1 }}
 LEADER_ID:

charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml

@@ -15,6 +15,7 @@ COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }}
 WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }}
 MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }}
 PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }}
+RUNTIME_SINGLE_NAMESPACE: {{ .Values.app-proxy.singleNamespace }}
 {{- end }}
 
 {{- define "gitops-operator.resources.environment-variables.defaults" -}}

charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml

@@ -14,7 +14,9 @@
 ---
   {{- include "gitops-operator.crds.product" $context }}
 ---
+  {{- if not .Values.app-proxy.singleNamespace }}
   {{- include "gitops-operator.crds.restricted-gitsource" $context }}
+  {{- end }}
 ---
   {{- include "gitops-operator.crds.promotion-policy" $context }}
 {{- end }}

charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml

@@ -13,7 +13,9 @@
 ---
   {{- include "gitops-operator.resources.leader-election-rbac" $context  }}
 ---
+  {{- if not .Values.app-proxy.singleNamespace }}
   {{- include "gitops-operator.resources.restricted-git-source-rbac" $context }}
+  {{- end }}
 ---
   {{- include "gitops-operator.resources.rbac-operator" $context }}
 {{- end }}

charts/gitops-runtime/templates/codefresh-cm.yaml

@@ -15,4 +15,5 @@ data:
   ingressController: {{ .Values.global.runtime.ingress.className | default "" | quote }}
   ingressHost: {{ include "codefresh-gitops-runtime.ingress-url" . }}
   isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} 
+  singleNamespace: {{ .Values.app-proxy.singleNamespace | quote }}
   version: {{ .Chart.AppVersion }}