Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1567

Regular users can not add additional namespaces to be managed by a namespaced ArgoCD instance

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not a Bug
    • Major
    • None
    • 1.3.1
    • Operator
    • False
    • False

    Description

      When a regular user (non cluster-admin) deploys an ArgoCD instance into their own project that ArgoCD instance can only manage that particular namespace.

      To have additional namespaces (dev / stage / prod for example) managed by that ArgoCD instance it is necessary to add the label argocd.argoproj.io/managed-by to any additional namespace.

      However regular users are not allowed to add labels (or annotations) to any namespace/project.

      As a workaround I wrote a little operator to get around this issue. Adding a Custom Resource to any project will add the label to the namespace - and deleting the CR will delete it:

      https://github.com/redhat-gpte-devopsautomation/argocd-namespace-operator

      But there should really be a way to do this without any help from a cluster administrator.

      To reproduce:

      • As a regular user create a new argued namespace (user-argocd)
      • Deploy an instance of ArgoCD into that namespace
      • Create an additional namespace (user-dev)
      • Try to deploy an application into the namespace user-dev
      • -> Errors

      Software versions: OCP 4.9(.7), GitOps operator 1.3.1, ArgoCD 2.1.2

      Attachments

        Activity

          People

            halawren@redhat.com Harriet Lawrence
            wkulhanek Wolfgang Kulhanek
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: