  1. OpenShift GitOps
  2. GITOPS-4223

Allow self-service for non control plane namespace management


    • Epic
    • Resolution: Unresolved
    • Major
    • Operator
    • self-service for non control plane namespace management
    • To Do

      Epic Goal

      • Enable users to label namespaces they own with 'argocd.argoproj.io/managed-by' instead of having to rely on cluster admins to do it for them

      Why is this important?

      • This feature would truly extend non-control-plane namespace management into the self-service model for development teams using OpenShift GitOps in a multi-tenant fashion. This would allow them to stop relying on cluster admins to help with their namespace set-ups and would likely improve their individual velocities

      Scenarios

      1. Development teams are namespace admins in one or more namespaces they own, and would like to use all their namespaces to deploy application resources in specific namespaces. However, for this to work their namespaces must carry a specific label, and they don't have privileges to label their namespaces themselves even though they are admins in their own namespaces. They must rely on cluster admin interference every time. With this feature in place, they would be able to achieve this without admin interference.

      Acceptance Criteria (Mandatory)

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • Ensure that no scope for privilege escalation is provided through the implementation of this feature 

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. Existing implementation for namespace management 

      Open questions:

      • Should we suggest users move away from trying to create namespaces (and supply labels) via sync options once this is implemented? 

      Done Checklist

      • Acceptance criteria are met
      • Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
      • User Journey automation is delivered
      • Support and SRE teams are provided with enough skills to support the feature in production environment

            Unassigned
            jrao@redhat.com Jaideep Rao