argocd-rbac-controller

command module

v0.0.0-...-2472f49 Latest Latest Go to latest Published: May 17, 2021 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/codemug/argocd-rbac-controller

Links

Open Source Insights

README ¶

ArgoCD RBAC Controller

Are you tired of creating custom tooling around the pesky CSV based ConfigMap that manages RBAC in ArgoCD. Do you also yearn for a declarative way of creating roles and permissions in ArgoCD like the Kubernetes RBAC? If yes, you've found the right repo.

argocd-rbac-controller is a Kubernetes operator that lets you declaratively define the ArgoCD groups, roles and permissions using Kubernetes custom resources.

Installation

Use the helm chart in this repo to deploy the controller on your kubernetes cluster:

helm install argocd-rbac-controller helm/argocd-rbac-controller

Note: If you intend to build the image yourself and push it to your own registry, you can update the REGISTRY value in the Makefile and do a:

make docker-build
make docker-push

And then, when deploying the helm chart, you can set the image name as follows:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set image.registry=name-of-your-registry

Usage

The operator installs two namespace-scoped CustomResourceDefinitions on your cluster:

GroupMapping

This translates to the g statements in the argocd-rbac-cm ConfigMap. For example, consider the following entry:

g, bar, role:foo

This would be created through:

apiVersion: argocd.codemug.io/v1beta1
kind: GroupMapping
metadata:
  name: groupmapping-sample
spec:
  mappings:
    - roleName: foo
      groupName: bar

RoleMapping

This translates to the p statements in the argocd-rbac-cm ConfigMap. For example, consider the following entry:

p, role:foo, applications, get, *, allow

This would be created through:

apiVersion: argocd.codemug.io/v1beta1
kind: RoleMapping
metadata:
  name: rolemapping-sample
spec:
  roles:
    - name: foo
      permissions:
        - resource: applications
          actions:
          - get
          instance: "*"

Configuration

The name and namespace of the argocd-rbac-cm can be changed/configured at the time of the helm chart deployment:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set controller.rbacConfigMapName rbac-cm --set controller.rbacConfigMapNamespace cd-system

Similarly, the value for policy.default in this ConfigMap can also be configured:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set controller.defaultPolicy role:admin

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1beta1 Package v1beta1 contains API Schema definitions for the argocd v1beta1 API group +kubebuilder:object:generate=true +groupName=argocd.codemug.io	Package v1beta1 contains API Schema definitions for the argocd v1beta1 API group +kubebuilder:object:generate=true +groupName=argocd.codemug.io
controllers
core

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL