Comments (5)
Administrators usually receive permission to edit the entire argocd-rbac-cm object, where fine granular edits cannot be distinguished by the Kubernetes ConfigMap API.
We have an alternative solution (maybe a viable one for this use case) to address granular RBAC edits, called Policy CSV Composition, which is documented here. This way admins can provide independent patches. Was this approach considered? If it was, what were the problems identified with it?
from argo-cd.
Administrators usually receive permission to edit the entire argocd-rbac-cm object, where fine granular edits cannot be distinguished by the Kubernetes ConfigMap API.
We have an alternative solution (maybe a viable one for this use case) to address granular RBAC edits, called Policy CSV Composition, which is documented here. This way admins can provide independent patches. Was this approach considered? If it was, what were the problems identified with it?
We have considered that approach. We currently use ArgoCD with Crossplane, so the CRD would offer a way to automate the config, which is not given using the Policy CSV Composition. Moreover, the suggested CRD would offer an easier, more stable way to configure the RBAC, with built-in validation before runtime. It would also reduce the risk of people misapplying and misunderstanding the config (e.g. "local user" RBAC), since it would be built similarly to k8s' RBAC.
from argo-cd.
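The trade-off discussed in the two comments above (Policy CSV Composition versus validation before runtime), as an added example that is not part of the thread or of Argo CD's code: it composes the `policy.csv` and `policy.<name>.csv` keys of an `argocd-rbac-cm` data map in key order and lints each line before the ConfigMap is applied. The sample data, role and group names are constructed, and the lint rules (field counts and effect values) are a simplified assumption, not Argo CD's own parser.

```python
import re

# Constructed sample of argocd-rbac-cm .data; role and group names are hypothetical.
RBAC_CM_DATA = {
    "policy.default": "role:readonly",
    "policy.csv": "p, role:org-admin, applications, *, */*, allow\n"
                  "g, platform-team, role:org-admin\n",
    "policy.team-b.csv": "p, role:team-b, applications, sync, team-b/*, allow\n"
                         "g, team-b-devs, role:team-b\n",
    # Second line below is missing its effect field on purpose.
    "policy.team-a.csv": "p, role:team-a, applications, get, team-a/*, allow\n"
                         "p, role:team-a, applications, sync, team-a/*\n",
}

EXTRA_KEY = re.compile(r"^policy\..+\.csv$")  # does not match plain "policy.csv"


def compose(data):
    """Return (key, line_no, text) tuples: policy.csv first, extra keys sorted by name."""
    keys = [k for k in ("policy.csv",) if k in data]
    keys += sorted(k for k in data if EXTRA_KEY.match(k))
    entries = []
    for key in keys:
        for n, raw in enumerate(data[key].splitlines(), 1):
            line = raw.strip()
            if line and not line.startswith("#"):  # skip blanks and comment lines
                entries.append((key, n, line))
    return entries


def validate(entries):
    """Assumed lint rules: 'p' has 6 fields ending in allow/deny, 'g' has 3."""
    errors = []
    for key, n, line in entries:
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p":
            if len(fields) != 6:
                errors.append(f"{key}:{n}: p line needs 6 fields, got {len(fields)}")
            elif fields[5] not in ("allow", "deny"):
                errors.append(f"{key}:{n}: effect must be allow or deny")
        elif fields[0] == "g":
            if len(fields) != 3:
                errors.append(f"{key}:{n}: g line needs 3 fields, got {len(fields)}")
        else:
            errors.append(f"{key}:{n}: unknown policy type {fields[0]!r}")
    return errors


if __name__ == "__main__":
    for problem in validate(compose(RBAC_CM_DATA)):
        print(problem)
```

Because each error carries its source key, a CI check built this way can point the owner of one patch at their own fragment without touching the others.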
@ggkhrmv Thank you for confirming. We discussed this proposal in the Argo Contributor's meeting today. While we are not opposed to having a dedicated CRD/Controller to manage Argo CD RBAC, we agree that this can be implemented in an independent project. We can create a dedicated repository for this controller under the argoproj-labs GitHub org if this is something that you would be willing to implement.
from argo-cd.
@leoluz You're welcome! I'd be happy to implement a dedicated CRD/Controller for RBAC-Management
from argo-cd.
@ggkhrmv Great! I am closing this issue for now, and please ping me directly on CNCF Slack if you want to have a dedicated repo in argoproj-labs to host the controller's code.
Thank you!
from argo-cd.