remove default values from the argocd rbac configmap
parent
5f33036890
commit
2cf0b62c08
2 changed files with 11 additions and 9 deletions
|
@ -9,5 +9,7 @@ metadata:
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
|
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
|
||||||
app.kubernetes.io/component: {{ .Values.server.name }}
|
app.kubernetes.io/component: {{ .Values.server.name }}
|
||||||
|
{{- if .Values.server.rbacConfig }}
|
||||||
data:
|
data:
|
||||||
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
|
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
|
||||||
|
{{- end }}
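Review bot: The `toYaml .Values.server.rbacConfig | nindent 4` line under `data:` renders whatever value types the user supplies, but ConfigMap `data` accepts only string values. The values-file comment for `scopes` says the value "can be a string, or a list of strings", so a user who writes a native YAML list there would get a manifest that the API server rejects at install time. I would document the constraint next to the new guard, for example `{{- /* every rbacConfig value must be a string; quote list-like values, e.g. scopes: '[groups]' */}}` above the `if`. The new guard also means an empty `rbacConfig` renders the ConfigMap with no `data` key at all, which is worth saying in the same comment.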
|
|
@ -314,26 +314,26 @@ server:
|
||||||
|
|
||||||
## ArgoCD rbac config
|
## ArgoCD rbac config
|
||||||
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
|
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
|
||||||
rbacConfig:
|
rbacConfig: {}
|
||||||
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
|
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
|
||||||
# Policy rules are in the form:
|
# Policy rules are in the form:
|
||||||
# p, subject, resource, action, object, effect
|
# p, subject, resource, action, object, effect
|
||||||
# Role definitions and bindings are in the form:
|
# Role definitions and bindings are in the form:
|
||||||
# g, subject, inherited-subject
|
# g, subject, inherited-subject
|
||||||
# See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
|
# See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
|
||||||
policy.csv: |
|
# policy.csv: |
|
||||||
# Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
|
# # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
|
||||||
p, my-org:team-alpha, applications, sync, my-project/*, allow
|
# p, my-org:team-alpha, applications, sync, my-project/*, allow
|
||||||
# Grant all members of 'my-org:team-beta' admins
|
# # Grant all members of 'my-org:team-beta' admins
|
||||||
g, my-org:team-beta, role:admin
|
# g, my-org:team-beta, role:admin
|
||||||
# policy.default is the name of the default role which Argo CD will falls back to, when
|
# policy.default is the name of the default role which Argo CD will falls back to, when
|
||||||
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
|
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
|
||||||
# but will see no apps, projects, etc...
|
# but will see no apps, projects, etc...
|
||||||
policy.default: role:readonly
|
# policy.default: role:readonly
|
||||||
|
|
||||||
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
|
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
|
||||||
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
|
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
|
||||||
scopes: '[cognito:groups, email]'
|
# scopes: '[cognito:groups, email]'
|
||||||
|
|
||||||
## Not well tested and not well supported on release v1.0.0.
|
## Not well tested and not well supported on release v1.0.0.
|
||||||
## Applications
|
## Applications
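Review bot: With `rbacConfig: {}` the chart no longer ships `policy.default: role:readonly` or the sample `g, my-org:team-beta, role:admin` binding, so an install that never overrode these values changes its effective RBAC on upgrade, and nothing in this section says so. Removing a sample admin binding from the shipped defaults is the safer default, but the comment block should state the new behaviour, for example `# Empty by default: no policy.csv or policy.default is rendered; per the policy.default note below, users then see no apps or projects until a policy is supplied.` The commented example still has a mismatched quote in `'my-org:team-alpha;`, which is worth fixing while these lines are being touched.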
|
||||||
|
|