Open llavaud opened 3 weeks ago
After adding a clusterrole/clusterrolebinding that add get/watch/list on secrets it works
Where exactly do you add this?
After adding a clusterrole/clusterrolebinding that add get/watch/list on secrets it works
Where exactly do you add this?
I added a clusterrolebinding that give secrets get/watch/list permissions to the argocd-server service account
Hm, I don't think you can avoid giving ArgoCD server cluster scope permissions. argocd
namespace permissions don't seem like they'd allow to access cluster-scope secrets. Would you suggest to move some objects from the cluster scope into the target namespace?
Hm, I don't think you can avoid giving ArgoCD server cluster scope permissions.
argocd
namespace permissions don't seem like they'd allow to access cluster-scope secrets. Would you suggest to move some objects from the cluster scope into the target namespace?
Currently I deployed Argo CD using the Helm Chart without giving any clusterscope permissions, why would I need to give clusterscope permission for this feature ?
Looks like it's trying to read some cluster-scope secret. Can you share your manifests, values files etc., please?
Describe the bug
When I try to generate the application templates from an applicationSet resource using the new
argocd appset generate
CLI command, I have the following error message:After adding a clusterrole/clusterrolebinding that add get/watch/list on secrets it works
To Reproduce
Launch the following command on an applicationSet manifest that use the
Cluster
generator:argocd appset generate appset.yaml
Expected behavior
Render templates without needed to give clusterscope permissions to the
argcd-server
service account. Theargocd-server
already have necessary permission to read secrets in the argocd namespaceVersion