The current implementation for ArgoCD is that we set the Admin role as default, but since it's only accessible via a port-forward (needing k8s access), this is safe.
We need to go to a situation where:
- ArgoCD is public accessible, giving READ access to everyone
- Using SSO to login for Thanos maintainers for admin rights
This means that first we must have: #25 in order to do the SSO callback.
Next:
- Start with setting the default role to reader
- Add ingress
- Implement SSO via Github Thanosio organisation so that maintainers can get admin rights
The current implementation for ArgoCD is that we set the Admin role as default, but since it's only accessible via a port-forward (needing k8s access), this is safe.
We need to go to a situation where:
This means that first we must have: #25 in order to do the SSO callback.
Next: