Goal

When an Argo CD instance creates an Application in a namespace, the Argo CD instance should have permission to manage and deployment application resource in the namespace the application is deployed in.   The user should not need to manually create role/role bindings to the Argo CD instance service account.  Note: we have implemented a solution to automatically grant permission to Argo CD instance based on "managed-by" label which requires GitOps/argocd operator.  The goal of this epic is to design and implement a generic solution that can work with just Argo CD.

Why

It is user unfriendly to require users to take an extra step to create permission especially Argo CD creates namespaces for the users. The process of granting permission is error prone and requiring users to run kubectl commands.

Acceptance Criteria

• The Argo CD instance should automatically acquire role/bindings to manage Applications created by the Argo CD instance with or without argocd operator.