Scenario
As a user with access to specific OpenShift namespaces on a cluster (for example, the dev-, code- and stage- namespaces on the dev sandbox), I would like to use GitOps to have Kubernetes manifests sync'd to one or more namespaces I already have access to.
Background
ArgoCD is modeled around the constraint that Application CRs need to reside in the ArgoCD control plane only. Therefore, either an ArgoCD admin needs to create an Application CR or a user may do so by logging into the ArgoCD UI.
Problem statement
The user needs to log in to two consoles (the OpenShift console and the ArgoCD console) to be able to 'tell' ArgoCD that something needs to be "sync'd", after the user has been provided access to the ArgoCD console implicitly or explicitly.
An ideal experience should be:
- The user logs in to the OpenShift Console, or logs in to the cluster using the oc / kubectl CLI.
- The user, in the context of her own namespace, creates an Application CR (or an equivalent of the same) referencing the Git repo and, optionally, credentials.
- A GitOps Engine (an abstract concept as of now) should "sync" manifests from Git.
All this should be possible without any intervention from the Argo CD Admin and should factor in the permissions the user has already been provided by the cluster-admin.
Acceptance Criteria
- Get https://github.com/argoproj/argo-cd/pull/6409 merged upstream
- Update AppProject to include list of sourceNameSpaces
- Update reconcile process to track applications in sourceNameSpaces having AppProject associated to them
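The reconcile rule in the last two criteria, as an added sketch (not Argo CD's code): an Application outside the control plane is tracked only when the AppProject it names lists that Application's namespace. The `argocd` control-plane name, the project and namespace names, and exact-match comparison are assumptions made for this example.

```python
from dataclasses import dataclass

CONTROL_PLANE_NS = "argocd"  # assumed name of the control-plane namespace

@dataclass(frozen=True)
class AppProject:
    name: str
    # Namespaces outside the control plane whose Applications may use this
    # project (the list the ticket calls sourceNameSpaces).
    source_namespaces: frozenset = frozenset()

@dataclass(frozen=True)
class Application:
    name: str
    namespace: str
    project: str

def admit(app, projects):
    """Return (tracked, reason) for one Application CR."""
    project = projects.get(app.project)
    if project is None:
        return False, "unknown AppProject"
    if app.namespace == CONTROL_PLANE_NS:
        return True, "control-plane namespace"
    if app.namespace in project.source_namespaces:
        return True, "namespace listed by AppProject"
    # A tenant naming a project that never listed its namespace must not
    # inherit that project's permissions.
    return False, "namespace not listed by AppProject"

def reconcile(apps, projects):
    """Split Applications into tracked keys and refused key -> reason."""
    tracked, refused = [], {}
    for app in apps:
        ok, reason = admit(app, projects)
        key = f"{app.namespace}/{app.name}"
        if ok:
            tracked.append(key)
        else:
            refused[key] = reason
    return tracked, refused

# Constructed sample data.
PROJECTS = {"default": AppProject("default"),
            "team-a": AppProject("team-a", frozenset({"alice-dev", "alice-stage"}))}
APPS = [Application("infra", "argocd", "default"),
        Application("web", "alice-dev", "team-a"),
        Application("web-default", "alice-dev", "default"),
        Application("api", "bob-dev", "team-a"),
        Application("db", "alice-stage", "missing")]
```

The refusal of `alice-dev/web-default` is the case that matters for tenancy: write access to a namespace alone does not let a user attach an Application to a project that never opted that namespace in.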
Long term
The topology view should reflect an out-of-sync application.
Upstream
- blocks
  - GITOPS-4768 Argo CD tenants to own repository credentials upstream proposal (New)
- is related to
  - GITOPS-4768 Argo CD tenants to own repository credentials upstream proposal (New)
  - GITOPS-3501 Decouple control plane and application sync privileges (Release Pending)
- relates to
  - GITOPS-886 R&D: Multi-tenant Argo CD control plane (Closed)