feat(argo-image-updater): add podSecurityPolicy and rbac permission

[yanehi]

We have the problem that for image writeback the argocd-image-updater needs to access its rootFS. Our Pods are running unprivileged and not in kube-system namespace, so iam not be able to change readOnlyRootFilesystem in the values.yml to true.

Errors:

time="2021-09-15T14:52:10Z" level=info msg="Processing results: applications=1 images_considered=1 images_skipped=0 images_updated=0 errors=1"
time="2021-09-15T14:52:10Z" level=error msg="Could not update application spec: mkdir /tmp/git-XXXXXXXXXX: read-only file system" application=XXXXX

Checklist:

• I have bumped the chart version according to versioning
• I have updated the chart changelog with all the changes that come with this pull request according to changelog.
• Any new values are backwards compatible and/or have sensible default.
• I have signed off all my commits as required by DCO.
• My build is green (troubleshooting builds).

Changes are automatically published when merged to master. They are not published on branches.

[mkilchhofer]

IMHO this is the wrong direction to fix this. As far as I understand, this pod only wants to have its own temporary scratch space.
In my opinion we'd better mount an emptyDir volume on /tmp like other argo components use.

[mkilchhofer]

Can you please retest it with version 0.1.1? I think I resolved it via PR #933

[github-actions]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.