Story (Required)

As a user of OpenShift GitOps who might not have admin privileges to label namespaces on their cluster, I would want to have accurate information about how I can still deploy resources to non-control plane namespaces

Background (Required)

At present, OpenShfit GitOps supports the use case of applications needing to deploy resources in non-control plane namespaces through the use of the "managed-by" label, which creates the necessary roles/rolebindings in the target namespace. However, this feature requires the user to have admin privileges on the cluster since it involves labeling namespaces. Since a large portion of our customer base consists of app delivery teams that use namespace scoped Argo CD instances, they likely will not have the permissions to label namespaces, and are as a result of this, dependent on cluster admins to label their namespaces for them, which is a point of friction for the self-service use case.

Argo CD itself has fixed this issue by allowing users to create namespaces at the time of app creation as a part of sync options. They have expanded the sync options by allowing users to specify labels that their namespaces should carry out of the box. This fixes the above explained pain point, as users no longer need to have cluster admin privileges to be able to label their own namespaces, since they can have their Argo CD instance do it for them now.

Users of OpenShift GitOps v1.8 < can use this feature today, however there is currently no documentation present within either Argocd operator documentation, or the official OpenShift documentation regarding this feature.

Out of scope

Any code implementations to provide support for this feature in the operator

Approach (Required)

- Verify the steps required for users to be able to leverage this feature through the OpenShift GitOps operator today, through manual testing
- Capture steps in upstream Argo CD operator documentation as an extension to existing documentation on "deploying resources to a different namespace"
- Co-ordinate with OpenShift docs team to have updated documentation merged to OpenShift docs

Dependencies

none

Acceptance Criteria (Mandatory)

- Argocd Operator documentation is updated explaining how to use this feature
- OpenShift GitOps documentation is updated explaining how to use this feature

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

Code is completed, reviewed, documented and checked in
Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
Continuous Delivery pipeline(s) is able to proceed with new code included
Customer facing documentation, API docs etc. are produced/updated, reviewed and published
Acceptance criteria are met

Attachments

Issue Links

relates to

RHDEVDOCS-5019 Auto label "argocd.argoproj.io/managed-by" namespace when it is auto created

Closed

Activity

People

Assignee:: Jaideep Rao

Reporter:: Jaideep Rao

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023/04/18 8:29 PM

Updated:: 2023/05/04 1:13 PM

Resolved:: 2023/05/04 1:13 PM