Cluster should belong to a project #5283
Comments
|
Related #5275 |
|
This issue is a bit different. In our use case we do not need to have different service accounts for same cluster. We want to improve project isolation to include clusters in it. What I mean by that is if we currently give permissions to one team to get clusters, this team will be able to list all clusters in ArgoCD. My point is that we want to restrict clusters on project level. For example we have a project that has 5 clusters assigned and similar to application rbac we want to give project owners permission to list and modify only these 5 clusters. (same as application per project rbacs). It is rather similar to this request for repository isolation #2251 @jessesuen |
|
Proposal has been accepted: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/project-repos-and-clusters.md |
|
Implemented! Thanks to @pasha-codefresh |
Today, we use RBAC and OIDC to manage user's rules. In our organization, we are using one ArgoCD to manage hundreds of clusters ruled by different teams. While we have the separation between teams on the project level we are still missing the separation for clusters.
We would like to restrict clusters by project, so the user bound to OIDC groups only can list/create/update/delete clusters belonging to a project. Currently, there is no such option.
The text was updated successfully, but these errors were encountered: