Service Account argocd-applicationset-controller need in permissions on listing appprojects

BoyFromDubai commented 2 months ago

Checklist:

[ ] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
[ ] I've included steps to reproduce the bug.
[ ] I've pasted the output of argocd version.

Describe the bug

Service Account argocd:argocd-applicationset-controller needs in permissions for listing appprojects

To Reproduce

We are using app of apps pattern, where applications generate applicationsets, so faced this issue after upgrading to pre-release version

Expected behavior

Applicationset is able to generate applications

Screenshots

Version

v2.12.0-rc1

Logs

E0715 15:51:16.144024       7 reflector.go:147] pkg/mod/k8s.io/client-go@v0.29.6/tools/cache/reflector.go:229: Failed to watch *v1alpha1.AppProject: failed to list *v1alpha1.AppProject: appprojects.argoproj.io is forbidden: User "system:serviceaccount:argocd:argocd-applicationset-controller" cannot list resource "appprojects" in API group "argoproj.io" in the namespace "argocd"

ishitasequeira commented 2 months ago

This should be fixed by https://github.com/argoproj/argo-cd/pull/18943 and available in latest RCs. @BoyFromDubai can you try the latest 2.12 RC and see if you are still facing the issue?

hodorov commented 1 month ago

@ishitasequeira fix don't work for cluster-rbac install, PR #8943 change only Role, ClusterRole is missing. Prepare PR to fix this - #19430

(Also prepare fix for argo helm chart - argoproj/argo-helm#2868)

argoproj / argo-cd

Service Account argocd-applicationset-controller need in permissions on listing appprojects #19059