Comments (6)
@iam-veeramalla I think it can be closed
from gitops-operator.
+1 This one is really important to get in place, or else the applicable use of argo is really limited.
We use a lot of CRs and usually create a clusterrole for each such onboarding, labelling them with bac.authorization.k8s.io/aggregate-to-admin: "true"
in order to hand them out by scale.
I wish the role which each argo binds to can either be influenced by the CR creating argo-instances (gives better control), or that the instances bind to a common cluster-role, which can be aggregated to as described above.
from gitops-operator.
Hmm, this does no longer seem to be a problem as of v1.2.1 of the operator? The role argocd-argocd-application-controller
seems to include most/all CRs, but I cannot find anything in the changelog (or update of this issue), among them:
k get role argocd-argocd-application-controller -o yaml|grep -i sealedse
- sealedsecrets
from gitops-operator.
Hi @rgordill @davidkarlsen , There are a couple of ways in which you can extend the permissions of Argo CD application controller.
-
By creating a new cluster role/ cluster role binding.
https://github.com/redhat-developer/gitops-operator/blob/master/docs/OpenShift%20GitOps%20Usage%20Guide.md#additional-permissions -
Using custom cluster roles(if are talking about managing other namespaces)
https://github.com/redhat-developer/gitops-operator/blob/master/docs/OpenShift%20GitOps%20Usage%20Guide.md#deploy-resources-to-a-different-namespace-with-custom-role
from gitops-operator.
Please let me know if this can be closed.
from gitops-operator.
Dunno. After almost a year, maybe the documents are updated and there is no need for anything else. Maybe it is better to give full access to the whole cluster to the service account. Yes, you can close this issue, as I cannot tell if it is relevant with latests releases.
from gitops-operator.
Related Issues (20)
- Provide Ingress configuration option for reverse proxy (or documentation if already available) HOT 4
- Add support for progressive delivery using Argo Rollouts
- RBAC Error to reconciler controller.argo HOT 2
- Default Github.com RSA key no longer matches upstream, causing errors HOT 3
- Enable ignored e2e tests
- Fix Kam Image reconcliation during upgrades HOT 1
- Add Siddhesh Ghadi as Reviewer on all the Supported branches
- NodePlacement or Toleration/NodeSelector not working HOT 1
- Operator stuck on 1.7.2 and can't upgrade it HOT 14
- Server ingress not setting `ingressClassName` once ArgoCD instance gets updated with the field HOT 1
- (Extra)VolumeMount for appset controller
- Cant install operator 1.10.1 on OKD 4.14 HOT 1
- ArgoCD object should use argocd-server-tls secret in openshift-gitops namespace for TLS cert HOT 1
- resource.customizations.ignoreDifferences doesn't save configuration
- Resource requests for default instance are excessive for small use cases
- Diffs not being detected
- Allow Volumes/VolumeMounts to pass through to the Deployment HOT 8
- Can't set any Proxy for SCMProvider Generator in my ApplicationSet
- ApplicationSets CRD cannot be watched / listed by argocd-server SA HOT 1
- Adding cluster via ArgoCD CLI HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitops-operator.