Open sj-porter-knime opened 3 years ago
It looks like I can't push a branch, otherwise I'd submit a PR. Here's my recommended change to the docs (assuming that my understanding of where to put the RBAC permissions inside the ConfigMap is correct):
The technical user image-updater
we have configured in the previous step now
needs appropriate RBAC permissions within Argo CD. Argo CD Image Updater needs
the update
and get
permissions on the applications you want to manage.
A most basic version that grants get
and update
permissions on all of the
applications managed by Argo CD might look as follows:
data:
policy.default: role:readonly
policy.csv: |
p, role:image-updater, applications, get, */*, allow
p, role:image-updater, applications, update, */*, allow
g, image-updater, role:image-updater
The permissions can be further restricted to apps in a specific project, or to specific apps.
Edit the argocd-rbac-cm
ConfigMap and Argo CD will pick up the changes
automatically.
Hey @sj-porter-knime, thanks for this suggestion.
In order to submit a PR, you need to fork this repository, push the changes to your fork (a dedicated branch for this is recommended), and then open the PR to merge the branch from your fork into this repository.
Describe the bug This documentation details the code required to grant RBAC permissions in Argo CD, however, it does not show where that code needs to be placed inside the
argocd-rbac-cm
ConfigMap.To Reproduce Steps to reproduce the behavior:
Expected behavior
argocd-rbac-cm
ConfigMap similarly to sections earlier in the documentation which show that the necessary code is placed underneath thedata
property.Version Stable (as of Sept. 30, 2021).