Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1479

Auto create role/bindings to allow Argo CD instance to manage applications


    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Minor Minor
    • None
    • None
    • ArgoCD
    • Auto create role/bindings to allow Argo CD instance to manage applications
    • False
    • False
    • To Do
    • 0% To Do, 0% In Progress, 100% Done


      When an Argo CD instance creates an Application in a namespace, the Argo CD instance should have permission to manage and deployment application resource in the namespace the application is deployed in.   The user should not need to manually create role/role bindings to the Argo CD instance service account.  Note: we have implemented a solution to automatically grant permission to Argo CD instance based on "managed-by" label which requires GitOps/argocd operator.  The goal of this epic is to design and implement a generic solution that can work with just Argo CD.


      It is user unfriendly to require users to take an extra step to create permission especially Argo CD creates namespaces for the users. The process of granting permission is error prone and requiring users to run kubectl commands.

      Acceptance Criteria

      • The Argo CD instance should automatically acquire role/bindings to manage Applications created by the Argo CD instance with or without argocd operator.


            Unassigned Unassigned
            wtam_at_redhat William Tam
            0 Vote for this issue
            2 Start watching this issue
