How to restrict Argo permissions to specific namespaces within its cluster #3163
Labels
bug
Something isn't working
Comments
|
I am new to Argo, but after some more digging it looks like Projects may be able to solve this use case for me. I just have to be sure only cluster admins can manage Argo projects https://argo-cd.readthedocs.io/en/stable/user-guide/projects/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As a cluster owner, I want to make Argo available to development teams to use in the cluster. I want to restrict Argo to only have permissions in certain namespaces. Most of the docs seem to suggest giving Argo permission to manage all resources in all namespaces.
Is there any way built in to the helm chart(s) to not create any admin type highly permissive
ClusterRoleBindingsand instead only createRoleBindingsin a given list of namespaces I want Argo to be able to watch and deploy to? If this is not built-in to the helm chart(s), is there a step by step guide of which ClusterRoleBindings I should drop and replace with RoleBindings in my list of namespaces?Related helm chart
argo-cd
To Reproduce
Deploy argo-cd, it is super admin across entire cluster. I want to restrict to only RoleBindings within given list of namespaces, not ClusterRoleBindings everywhere
Expected behavior
Restrict Argo to only operate in a restricted list of namespaces
The text was updated successfully, but these errors were encountered: