Comments (2)
agaudreault
commented on July 20, 2024
I made changes to the rbac documentation to clarify it. Maybe https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#application-specific-policy will help you.
For namespace restriction within an Application, you should use https://argo-cd.readthedocs.io/en/latest/user-guide/projects/#projects.
from argo-cd.
christianh814
commented on July 20, 2024
Something like this is probably what you want (needs testing)
For example, if I want my group Developers to deploy/manage anything in the mars namespace in every cluster I would do something like this
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: mars
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: 'mars'
server: '*'
sourceRepos:
- '*'
roles:
- description: Manage anything in the mars namespace
name: mars-developer
policies:
- p, proj:mars:mars-developer, *, *, mars/*, allow
groups:
- Developersfrom argo-cd.
Related Issues (20)
- Expose ArgoCD version in metrics HOT 1
- LKLK
- Persistent SSO login with OpenUnison not working HOT 5
- UI - Credentials Template misleading HOT 1
- Dark Mode: Collapsed sections color is white HOT 1
- [2.12-RC1] "revision not found" error when calling Application API RevisionMetadata
- applicationset-controller update to latest version after 6.17, get fatal error: Could not read from remote repository
- how to fix? HOT 1
- Fail to block share resource app when syncing app right after creating it
- [Docs] incorrect regex to get currentVersion
- ReadTheDocs all old version js file is not same with latest version. HOT 1
- After upgrading from `2.10.12` to `2.11` all applications sourced from github stopped working due to `failed to get git client for repo https://github.com/cxxx.git`
- Unable to deploy or add oci enable helm repository presented in Harbor's project(private/public) HOT 1
- error HOT 2
- Upon upgrading from EKS 1.29 to 1.30 argocd is marking assigned nodeports as out of sync HOT 5
- RBAC policy not honored for Google SSO logged in user, member of particular group HOT 4
- not able to connect with public github repo HOT 2
- UID not unique error when trying to build images on Linux systems
- Error syncing `Job` due to `spec.podReplacementPolicy: field not declared in schema` HOT 2
- Add pull request state to the github pull request generator HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from argo-cd.