Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: "${cluster_name}"
namespace: argocd
spec:
description: "${cluster_name} cluster"
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: ${cluster_url}
- namespace: argocd
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
roles:
- name: admin
description: Admin privileges to ${cluster_name}
policies:
- p, proj:${cluster_name}:admin, applications, *, ${cluster_name}/*, allow
groups:
%{~ for s in admin_users ~}
- ${s}
%{~ endfor ~}
%{~ for s in admin_groups ~}
- ${s}
%{~ endfor ~}
- name: user
description: Read-only privileges to ${cluster_name}
policies:
- p, proj:${cluster_name}:read-only, applications, get, ${cluster_name}/*, allow
groups:
%{~ for s in member_users ~}
- ${s}
%{~ endfor ~}
%{~ for s in member_groups ~}
- ${s}
%{~ endfor ~}