Andrej Flieger

Reputation: 41

Control Access in ArgoCD

I have the Red Hat GitOps Operator running that provides access to ArgoCD. Login to ArgoCD works via an OIDC provider.

I now want to control visibility of Applications and ApplicationSets inside ArgoCD the same way the user has access in OpenShift.

Our users have AD groups assigned, e.g., AR-Project-xyz-admin or similar. Via these groups, the user now only has access to the project/namespace xyz.

We create the AppProject and the ApplicationSet as illustrated below:

local namespace = std.extVar("projectPrefix") + "-" + std.extVar("projectName");
kind: 'AppProject',
apiVersion: 'argoproj.io/v1alpha1',
metadata: {
    name: namespace,
    namespace: 'openshift-gitops',
},
spec: {
    description: 'Project to manage ' + std.extVar("displayName") + ' applications.',
    destinations: [
        {
            name: 'in-cluster',
            server: 'https://kubernetes.default.svc',
            namespace: namespace,
        },
        {
            name: 'in-cluster',
            server: 'https://kubernetes.default.svc',
            namespace: namespace + '-*',
        },
    ],
    ...

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: openshift-projects
spec:
  goTemplate: true
  generators:
 ...

It is now unclear to me how I can ensure that a user with AR-Project-xyz-admin can only see these AppProjects and the ApplicationSet that have the name set to xyz.

Many thanks in advance for your support.

Upvotes: 0

Views: 53

Answers (0)
