Hello,
I'm using ArgoCD as an operator in my environment and by default it creates multiple service accounts.
I'm looking into minimizing the permissions of those service accounts.
For example for the argocd-argocd-server the below rule is included:
This rule, especially the option to delete everything, is completely unnecessary in my case.
I have reviewed and tested the Custom Role feature; the problem with that solution is the use of Cluster Role.
While the argocd-argocd-server should have access to secrets in the namespace it is installed in, there is no reason to give it cluster-scoped access to secrets, not even for read usage.
What would be the proper solution here?
Is there any other solution for that use case?