
Enable wildcard for *ResourceWhitelist/Blacklist

Open NissesSenap opened this issue 3 years ago • 10 comments

Summary

Enable wildcard for *ResourceWhitelist/Blacklist

Motivation

Today I let my different application teams sync on specific AppProjects where I define namespaceResourceWhitelist & Blacklist.

But it's kind of a pain to manage. For example, I use Tekton in my cluster and, as you can see below, it has a few CRDs and thus a rather big number of groups.

kubectl get crd |grep tekto
clustertasks.tekton.dev                                     2020-11-18T14:14:23Z
clustertriggerbindings.triggers.tekton.dev                  2020-11-18T14:14:57Z
conditions.tekton.dev                                       2020-11-18T14:14:23Z
config.operator.tekton.dev                                  2020-11-18T14:13:54Z
eventlisteners.triggers.tekton.dev                          2020-11-18T14:14:57Z
pipelineresources.tekton.dev                                2020-11-18T14:14:24Z
pipelineruns.tekton.dev                                     2020-11-18T14:14:24Z
pipelines.tekton.dev                                        2020-11-18T14:14:24Z
runs.tekton.dev                                             2020-11-18T14:14:24Z
taskruns.tekton.dev                                         2020-11-18T14:14:24Z
tasks.tekton.dev                                            2020-11-18T14:14:24Z
triggerbindings.triggers.tekton.dev                         2020-11-18T14:14:57Z
triggers.triggers.tekton.dev                                2020-11-18T14:14:57Z
triggertemplates.triggers.tekton.dev                        2020-11-18T14:14:57Z

I would have to do something like:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
spec:
  namespaceResourceWhitelist:
  - group: 'tekton.dev'
    kind: '*'
  - group: 'triggers.tekton.dev'
    kind: '*'
... etc

Proposal

Enable wildcards on groups, so I can do something like:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-project
  namespace: argocd
spec:
  namespaceResourceWhitelist:
  - group: '*.tekton.dev'
    kind: '*'

Notice the * in front of .tekton.dev

I know this will potentially cause issues since we are not being as specific, but I think the bad parts/risks will be outweighed by the administrative work being saved.

NissesSenap, Nov 26 '20 08:11
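
Added example, not part of the original issue and not Argo CD's own code: a small audit of which API groups a wildcard group pattern would admit, using the Tekton groups from the CRD listing above. Assumptions: Go's path.Match stands in for the glob semantics, the GroupKind/Permitted/Audit names and the blacklist-wins evaluation order are hypothetical, and the group "nottekton.dev" is constructed.

```go
package main

import (
	"fmt"
	"path"
)

// GroupKind mirrors the group/kind pairs used in the AppProject lists on this page.
type GroupKind struct{ Group, Kind string }

// globMatch uses Go's path.Match as a stand-in for glob semantics (an assumption,
// not Argo CD's matcher). API group names contain no '/', so '*' spans dots.
func globMatch(pattern, s string) bool {
	ok, err := path.Match(pattern, s)
	return err == nil && ok // a malformed pattern matches nothing (fail closed)
}

// Permitted reports whether res is covered by the whitelist and not by the blacklist.
// Hypothetical evaluation order: blacklist wins, empty whitelist permits nothing.
func Permitted(white, black []GroupKind, res GroupKind) bool {
	covers := func(list []GroupKind) bool {
		for _, e := range list {
			if globMatch(e.Group, res.Group) && globMatch(e.Kind, res.Kind) {
				return true
			}
		}
		return false
	}
	return covers(white) && !covers(black)
}

// Audit returns the installed groups that a single group pattern admits.
func Audit(pattern string, groups []string) []string {
	var hit []string
	for _, g := range groups {
		if globMatch(pattern, g) {
			hit = append(hit, g)
		}
	}
	return hit
}

func main() {
	// Tekton groups are from the CRD listing above; "nottekton.dev" is constructed.
	groups := []string{"tekton.dev", "triggers.tekton.dev", "operator.tekton.dev", "nottekton.dev"}
	for _, p := range []string{"*.tekton.dev", "*tekton.dev", "tekton.dev"} {
		fmt.Printf("%-14s -> %v\n", p, Audit(p, groups))
	}
}
```

Under these semantics '*.tekton.dev' covers the subgroups but not the bare 'tekton.dev' group, so that entry would still be listed explicitly, while '*tekton.dev' also admits an unrelated group that merely ends in the same string.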