fix: argocd istio rules

charts/kubezero-argocd/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 name: kubezero-argocd
-version: 0.8.7
+version: 0.8.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-argocd/templates/istio-authorization-policy.yaml

@@ -4,8 +4,9 @@ apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: argocd-deny-not-in-ipblocks
+  namespace: istio-system
   labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+    {{- include "kubezero-lib.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:
@@ -15,9 +16,7 @@ spec:
   - from:
     - source:
         notIpBlocks:
-        {{- with .Values.istio.ipBlocks }}
-        {{- . | toYaml | nindent 8 }}
-        {{- end }}
+        {{- toYaml .Values.istio.ipBlocks | nindent 8 }}
     to:
     - operation:
         hosts: ["{{ index .Values "argo-cd" "server" "config" "url" }}"]

charts/kubezero-argocd/templates/istio-service.yaml

@@ -3,6 +3,7 @@ apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: argocd-server
+  namespace: {{ $.Release.Namespace }}
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec: