What does this PR do / why we need it:
This PR enables user to use aggregated cluster roles for application controller in a cluster scoped instances of Argo CD.
This will create a base cluster role (argocd-argocd-application-controlle) which can inherit permissions from these two other cluster roles.
argocd-application-controller-view = It configures View permissions.
gitops-application-controller-admin = It is also an aggregated cluster role to configures Admin permissions. This can inherit permissions from cluster role that is created by users and add those into base cluster role.
How to test changes / Special notes to the reviewer:
Create a cluster-scoped Argo CD instance
Create Argo CD CR in namespace and set Spec.aggregatedClusterRolesEnabled to true.
Create a user-defined cluster role having these two labels argocd/aggregate-to-admin: 'true' and app.kubernetes.io/managed-by: argocd and configure permission you want to add for application controller component.
What type of PR is this? /kind enhancement
What does this PR do / why we need it: This PR enables user to use aggregated cluster roles for application controller in a cluster scoped instances of Argo CD. This will create a base cluster role (argocd-argocd-application-controlle) which can inherit permissions from these two other cluster roles.
Which issue(s) this PR fixes:
Fixes #? This is tracked in Red Hat's issue database here: https://issues.redhat.com/browse/GITOPS-2615
How to test changes / Special notes to the reviewer:
Spec.aggregatedClusterRolesEnabled
to true.argocd/aggregate-to-admin: 'true'
andapp.kubernetes.io/managed-by: argocd
and configure permission you want to add for application controller component.