Loading...

XML

Word

Printable

Story Points:
8
Epic Link:
Support Application CRs in non-control plane namespaces
Blocked:
False
Blocked Reason:
None
Ready:
False
Release Note Text:

Hide
Before this fix, Applications could be created only in the same namespace as our ArgoCD instance. With this fix, Applications can now be created in any namespace in the same cluster and still managed by the same control-plane’s ArgoCD instance. The fix adds a new label argocd.argoproj.io/managed-by-cluster-argocd to the namespace added in spec.sourceNamespaces of the ArgoCD CR.
Note: This feature is in Tech-Preview state

Show
Before this fix, Applications could be created only in the same namespace as our ArgoCD instance. With this fix, Applications can now be created in any namespace in the same cluster and still managed by the same control-plane’s ArgoCD instance. The fix adds a new label argocd.argoproj.io/managed-by-cluster-argocd to the namespace added in spec.sourceNamespaces of the ArgoCD CR. Note: This feature is in Tech-Preview state

As a user of OpenShift GitOps, I want to be able to leverage the new Applications in any namespaces feature coming in Gitops 1.7.

For this feature to work with the Operator, the following changes must be made to the workload:

The application-controller and the argocd-server have a new command line argument, --application-namespaces, which defines the globally allowed namespaces for Application resources. This must be exposed by the Operand.
The argocd-server needs Kubernetes-level permissions for Application resources in these namespaces. The required permissions are GET, LIST, WATCH, PATCH, UPDATE and DELETE. For this, the Operator should install Roles in these namespaces, and bind them to the argocd-server ServiceAccount in the installation namespace.

mentioned on