Replies: 2 comments
-
Any thoughts on this, please? |
Beta Was this translation helpful? Give feedback.
0 replies
-
Yes there's inconsistency as of today. Argo CD uses Casbin for managing RBAC on K8s whereas Argo Workflows relies on K8s native RBAC. There's an open issue to support Casbin RBAC so you'd probably want to subscribe to that if interested: #6490 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi All,
I want to start a discussion about Argoworkflows RBAC. The documentation goes on length about setting up SSO authentication with dex. However, it is very vague about the authorization aspect.
Here are some of the questions that few people and myself can't find answers to:
Can we limit a user/group access to a particular resource? For example, can the DevOps team have admin rights while the Data team is given access to create and run CronJobs?
How do we manage these rules efficiently?
The documentation discusses ServiceAccounts annotations but doesn't specify how the Role mapping works. In addition, ArgoCD RBAC is accomplished differently, where the user can specify a policy
policy.csv
underrbacConfig
in the formg, <org><group>, role:admin
. I am referring to this document. Which is a clear way to describe who has access to what.RBAC is almost the thing that many organizations I work with care about the most, and having a clear understanding about it is crucial.
Please let me know if this requires any sort of contribution; I would be happy to help!
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions