Skip to content
/ argocd-rbac-controller Public

A Kubernetes controller that can generate RBAC rules for ArgoCD

License

Apache-2.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

codemug/argocd-rbac-controller

BranchesTags

Repository files navigation

ArgoCD RBAC Controller

Are you tired of creating custom tooling around the pesky CSV based ConfigMap that manages RBAC in ArgoCD. Do you also yearn for a declarative way of creating roles and permissions in ArgoCD like the Kubernetes RBAC? If yes, you've found the right repo.

argocd-rbac-controller is a Kubernetes operator that lets you declaratively define the ArgoCD groups, roles and permissions using Kubernetes custom resources.

Installation

Use the helm chart in this repo to deploy the controller on your kubernetes cluster:

helm install argocd-rbac-controller helm/argocd-rbac-controller

Note: If you intend to build the image yourself and push it to your own registry, you can update the REGISTRY value in the Makefile and do a:

make docker-build
make docker-push

And then, when deploying the helm chart, you can set the image name as follows:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set image.registry=name-of-your-registry

Usage

The operator installs two namespace-scoped CustomResourceDefinitions on your cluster:

GroupMapping

This translates to the g statements in the argocd-rbac-cm ConfigMap. For example, consider the following entry:

g, bar, role:foo

This would be created through:

apiVersion: argocd.codemug.io/v1beta1
kind: GroupMapping
metadata:
  name: groupmapping-sample
spec:
  mappings:
    - roleName: foo
      groupName: bar

RoleMapping

This translates to the p statements in the argocd-rbac-cm ConfigMap. For example, consider the following entry:

p, role:foo, applications, get, *, allow

This would be created through:

apiVersion: argocd.codemug.io/v1beta1
kind: RoleMapping
metadata:
  name: rolemapping-sample
spec:
  roles:
    - name: foo
      permissions:
        - resource: applications
          actions:
          - get
          instance: "*"

Configuration

The name and namespace of the argocd-rbac-cm can be changed/configured at the time of the helm chart deployment:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set controller.rbacConfigMapName rbac-cm --set controller.rbacConfigMapNamespace cd-system

Similarly, the value for policy.default in this ConfigMap can also be configured:

helm install argocd-rbac-controller helm/argocd-rbac-controller --set controller.defaultPolicy role:admin

About

A Kubernetes controller that can generate RBAC rules for ArgoCD

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages