You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When using a cluster scoped instance of Argo CD the operator will create a separate and hard coded set of clusterroles and clusterrolebindings. Users that want to lock down the permissions of their instances need the ability to use an alternate set of clusterroles.
Describe the solution you'd like
Enable users to specify their own roles using the environment variables CONTROLLER_CLUSTER_SCOPE_ROLE and SERVER_CLUSTER_SCOPE_ROLE
Describe alternatives you've considered
Updates to the cluster role created by the operator get overridden by the operator so it's not a suitable approach.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
When using a cluster scoped instance of Argo CD the operator will create a separate and hard coded set of clusterroles and clusterrolebindings. Users that want to lock down the permissions of their instances need the ability to use an alternate set of clusterroles.
As an example, the new feature in Argo CD 2.10 to auto-respect RBAC (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#auto-respect-rbac-for-controller) enables users to remove the cluster-wide view all permissions required by a cluster scoped instance and provide a much more tailored set of permissions. However the Argo CD Operator hard codes this cluster role to define view all permissions.
Describe the solution you'd like
Enable users to specify their own roles using the environment variables
CONTROLLER_CLUSTER_SCOPE_ROLE
andSERVER_CLUSTER_SCOPE_ROLE
Describe alternatives you've considered
Updates to the cluster role created by the operator get overridden by the operator so it's not a suitable approach.
The text was updated successfully, but these errors were encountered: