Helm chart 1.1.1 missing leases RBAC permissions (leader election fails) #3757
Description
Describe the bug
Installing argocd-image-updater via Helm chart 1.1.1 results in a ClusterRole that does not include permissions for coordination.k8s.io/leases.
Related helm chart
argocd-image-updater
Helm chart version
1.1.1
To Reproduce
-
Install Argo CD Image Updater using the official Helm chart:
helm repo add argo https://argoproj.github.io/argo-helm
helm repo updatehelm install argocd-image-updater argo/argocd-image-updater
--namespace argocd
--create-namespace -
Verify the created ClusterRole:
kubectl get clusterrole argocd-image-updater -o yaml
- Observe that the ClusterRole does NOT include permissions for:
apiGroup: coordination.k8s.io
resource: leases
- Observe repeated leader election errors:
leases.coordination.k8s.io "" is forbidden:
User "system:serviceaccount:argocd:argocd-image-updater"
cannot get resource "leases"
- Confirm missing permission:
kubectl auth can-i get leases
--as=system:serviceaccount:argocd:argocd-image-updater
-n argocd
Output:
no
Expected behavior
Installing argocd-image-updater using the official Helm chart should create all required RBAC resources automatically, including permissions for leader election.
Specifically, the generated ClusterRole should include permissions for:
- apiGroup: coordination.k8s.io
- resource: leases
- verbs: get, list, watch, create, update, patch
After installation, the controller should successfully acquire a leader lease and run without RBAC errors or restart loops, without requiring any manual patching of ClusterRoles.
Screenshots
No response
Additional context
No response