Comments (5)
Administrators usually receive permission to edit the entire argocd-rbac-cm object, where fine granular edits cannot be distinguished by the Kubernetes ConfigMap API.
We have an alternative solution (maybe a viable one for this use-case) to address rbac granular edits called Policy CSV Composition, which is documented here. This way admins can provide independent patches. Was this approach considered? If it was, what were the problems identified with it?
from argo-cd.
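A sketch of what Policy CSV Composition looks like in argocd-rbac-cm, added here as an illustration and not taken from the thread or the Argo CD repository. The role, group and project names are constructed placeholders.

```yaml
# Constructed example: role, group and project names are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly

  # Base policy, kept by the platform team.
  policy.csv: |
    p, role:org-admin, applications, *, */*, allow
    p, role:org-admin, clusters, get, *, allow
    g, platform-admins, role:org-admin

  # Additional keys matching policy.<name>.csv are concatenated below
  # policy.csv, so each team can ship its key as an independent patch
  # (for example, one Kustomize patch per team).
  policy.team-a.csv: |
    p, role:team-a-dev, applications, get, team-a/*, allow
    p, role:team-a-dev, applications, sync, team-a/*, allow
    g, team-a-devs, role:team-a-dev

  policy.team-b.csv: |
    p, role:team-b-dev, applications, get, team-b/*, allow
    g, team-b-devs, role:team-b-dev

# Caveat: all keys still live in one ConfigMap. Kubernetes RBAC authorizes
# update/patch per object, not per key, so anyone allowed to patch
# argocd-rbac-cm can change every policy key, including policy.csv.
```

Splitting the policy into keys separates ownership in Git review, not in the cluster's authorization model.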
Administrators usually receive permission to edit the entire argocd-rbac-cm object, where fine granular edits cannot be distinguished by the Kubernetes ConfigMap API.
We have an alternative solution (maybe a viable one for this use-case) to address rbac granular edits called Policy CSV Composition, which is documented here. This way admins can provide independent patches. Was this approach considered? If it was, what were the problems identified with it?
We have considered that approach. We currently use ArgoCD with Crossplane, so the CRD would offer a way to automate the config, which is not given using the Policy CSV Composition. Moreover, the suggested CRD would offer an easier, more stable way to configure the RBAC with built-in validation before runtime. It would also reduce the risk of people misapplying and misunderstanding the config (e.g. "local user" RBAC), since it would be built similarly to k8s' RBAC.
from argo-cd.
@ggkhrmv Thank you for confirming. We discussed this proposal in the Argo Contributors' meeting today. While we are not opposed to having a dedicated CRD/Controller to manage Argo CD RBAC, we agree that this can be implemented in an independent project. We can create a dedicated repository for this controller under the argoproj-labs GitHub org if this is something that you would be willing to implement.
from argo-cd.
@leoluz You're welcome! I'd be happy to implement a dedicated CRD/Controller for RBAC-Management.
from argo-cd.
@ggkhrmv Great! I am closing this issue for now. Please ping me directly on CNCF Slack if you want to have a dedicated repo in argoproj-labs to host the controller's code.
Thank you!
from argo-cd.