Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-8922

ApplicationSet cluster scoped roles missing permissions

XMLWordPrintable

    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Previously, the ApplicationSet controller lacked the necessary permissions to list AppProjects at the cluster scope. This caused reconciliation failures when ApplicationSet resources were created in namespaces other than the default Argo CD namespace. This release updates the controller's ClusterRole to include the required permissions similar to the upstream for appprojects.argoproj.io, ensuring successful application generation across the cluster.
      Show
      Previously, the ApplicationSet controller lacked the necessary permissions to list AppProjects at the cluster scope. This caused reconciliation failures when ApplicationSet resources were created in namespaces other than the default Argo CD namespace. This release updates the controller's ClusterRole to include the required permissions similar to the upstream for appprojects.argoproj.io, ensuring successful application generation across the cluster.
    • GitOps Crimson Sprint 28

      Description of Problem

      • The cluster role created for the ApplicationSet controller is missing required permissions, causing failures when reconciling.

      Additional Info

      Problem Reproduction

      • <How do we reproduce the problem?>

      Reproducibility

      • <Always/Intermittent/Only Once>

      Prerequisites/Environment

      • <OpenShift, managed service (e.g., ROSA, ARO), operators, layered product, and other software versions, build details>

      Steps to Reproduce

      Steps to reproduce the behavior:

      1. Setup argocd that has cluster scope enabled
      2. Create ApplicationSet resource in a different namespace that the argocd
      3. ApplicationSet controller fails with missing permissions

      "failed to list *v1alpha1.AppProject: appprojects.argoproj.io is forbidden: User \"system:serviceaccount:argocd:argocd-applicationset-controller\" cannot list resource \"appprojects\" in API group \"argoproj.io\" at the cluster scope

       

      Expected Results

      • ApplicationSet controller should be able to reconcile and create applications

      Actual Results

      • ...

      Problem Analysis

      • <Completed by engineering team as part of the triage/refinement process>

      Root Cause

      • <What is the root cause of the problem? Or, why is it not a bug?>

      Workaround (If Possible)

      • <Are there any workarounds we can provide to the customers?>

      Fix Approaches

      • <If we decide to fix this bug, how will we do it?>

      Acceptance Criteria

      • ...

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Ensure code coverage is not reduced with the changes.
        • Integration tests have been automated.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested and merged on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written (if applicable).
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
        • Midstream changes (if applicable) are done, reviewed, approved and merged.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on OpenShift cluster for testing.

              rhn-support-alkumari Alka Kumari
              rhn-support-alkumari Alka Kumari
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: