argocd: use built in role:admin for admin permissions

daurnimator · daurnimator · commit a349f33338b8 · 2020-06-13T23:27:32.000+10:00
diff --git a/README.md b/README.md
@@ -26,6 +26,6 @@ done
 Create a new argocd local user for the admin (`argocd/users.yaml`).
 An existing admin will need to generate a password for the new admin.
 
-Add the new user to the default argo project (`argocd/projects/default.yaml`).
+Add the new user to the admin group (`argocd/argo-cd-rbac.yaml`).
 
 Have the new user create a password for accessing metrics and hash it with `htpasswd -n -B adminusername`. Add it to `monitoring/user-auth.env.yaml`.
diff --git a/argocd/argo-cd-rbac.yaml b/argocd/argo-cd-rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-rbac-cm
+data:
+  policy.default: role:readonly
+  policy.csv: |
+    g, benharri, role:admin
+    g, daurnimator, role:admin
+    g, drgrove, role:admin
+    g, lrvick, role:admin
+    g, ryan, role:admin
diff --git a/argocd/kustomization.yaml b/argocd/kustomization.yaml
@@ -26,6 +26,7 @@ patches:
   - argo-cd-allow-alpha-plugins-patch.yaml
   - argo-cd-import-pgp-key.yaml
   - argo-cd-repository-credentials-patch.yaml
+  - argo-cd-rbac.yaml
   - users.yaml
 images:
   - name: argoproj/argocd:v1.5.7
diff --git a/argocd/projects/default.yaml b/argocd/projects/default.yaml
@@ -15,13 +15,3 @@ spec:
     kind: '*'
   orphanedResources:
     warn: false
-  roles:
-  - groups:
-    - benharri
-    - daurnimator
-    - drgrove
-    - lrvick
-    - ryan
-    name: Admins
-    policies:
-    - p, proj:default:Admins, applications, *, default/*, allow
