argocd-image-updater icon indicating copy to clipboard operation
argocd-image-updater copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Docs for Granting RBAC permissions in Argo CD

Open sj-porter-knime opened this issue 4 years ago • 2 comments

Describe the bug This documentation details the code required to grant RBAC permissions in Argo CD, however, it does not show where that code needs to be placed inside the argocd-rbac-cm ConfigMap.

To Reproduce Steps to reproduce the behavior:

  • Read the documentation at https://argocd-image-updater.readthedocs.io/en/stable/install/start/#granting-rbac-permissions-in-argo-cd

Expected behavior

  • The documentation at https://argocd-image-updater.readthedocs.io/en/stable/install/start/#granting-rbac-permissions-in-argo-cd should include a demonstration of where the RBAC permissions should be placed within the argocd-rbac-cm ConfigMap similarly to sections earlier in the documentation which show that the necessary code is placed underneath the data property.

Version Stable (as of Sept. 30, 2021).

sj-porter-knime avatar Sep 30 '21 15:09 sj-porter-knime

It looks like I can't push a branch, otherwise I'd submit a PR. Here's my recommended change to the docs (assuming that my understanding of where to put the RBAC permissions inside the ConfigMap is correct):

Granting RBAC permissions in Argo CD

The technical user image-updater we have configured in the previous step now needs appropriate RBAC permissions within Argo CD. Argo CD Image Updater needs the update and get permissions on the applications you want to manage.

A most basic version that grants get and update permissions on all of the applications managed by Argo CD might look as follows:

data:
  policy.default: role:readonly
  policy.csv: |
    p, role:image-updater, applications, get, */*, allow
    p, role:image-updater, applications, update, */*, allow
    g, image-updater, role:image-updater

The permissions can be further restricted to apps in a specific project, or to specific apps.

Edit the argocd-rbac-cm ConfigMap and Argo CD will pick up the changes automatically.

sj-porter-knime avatar Sep 30 '21 15:09 sj-porter-knime

Hey @sj-porter-knime, thanks for this suggestion.

In order to submit a PR, you need to fork this repository, push the changes to your fork (a dedicated branch for this is recommended), and then open the PR to merge the branch from your fork into this repository.

jannfis avatar Oct 08 '21 20:10 jannfis