Replies: 1 comment
-
|
the RBAC is only around applications, app projects, actions, and other argo resources. You can grant the "restart" action for deployments, statefulsets, and daemonsets which is effectively the same as a pod delete but will restart all pods. https://argo-cd.readthedocs.io/en/stable/operator-manual/resource_actions/#custom-resource-actions |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Excuse me, is there a problem with my writing? After completing the configuration, I can view all resources normally, but it seems that I cannot delete the pod, and the policy hasn't taken effect.
policy data:
`p, linuxbi, applications, delete//Pod//*, *, allow
p, linuxbi, applications, get, /, allow
p, linuxbi, certificates, get, *, allow
p, linuxbi, clusters, get, *, allow
p, linuxbi, repositories, get, *, allow
p, linuxbi, projects, get, *, allow
p, linuxbi, accounts, get, *, allow
p, linuxbi, gpgkeys, get, *, allow
p, linuxbi, logs, get, /, allow`
log detail:
time="2024-11-01T09:28:15Z" level=info msg="received unary call /application.ApplicationService/DeleteResource" grpc.method=DeleteResource grpc.request.claims="{\"exp\":1730538775,\"iat\":1730452375,\"iss\":\"argocd\",\"jti\":\"f52726fd-b2e1-4614-a75f-bb3ba1256431\",\"nbf\":1730452375,\"sub\":\"linuxbi\"}" grpc.request.content="name:\"uat-franchiseeengine\" namespace:\"uat\" resourceName:\"franchiseeengine-644cb569db-gxsk8\" version:\"v1\" group:\"\" kind:\"Pod\" force:false orphan:false appNamespace:\"argocd\" " grpc.service=application.ApplicationService grpc.start_time="2024-11-01T09:28:15Z" span.kind=server system=grpc time="2024-11-01T09:28:15Z" level=warning msg="user tried to delete application which they do not have access to: rpc error: code = PermissionDenied desc = permission denied: applications, delete, uat/uat-franchiseeengine, sub: linuxbi, iat: 2024-11-01T09:12:55Z" application=uat-franchiseeengine namespace=argocd project=uat security=2 user=linuxbi 2024-11-01T17:28:15.295855482+08:00 time="2024-11-01T09:28:15Z" level=warning msg="finished unary call with code PermissionDenied" error="rpc error: code = PermissionDenied desc = permission denied" grpc.code=PermissionDenied grpc.method=DeleteResource grpc.service=application.ApplicationService grpc.start_time="2024-11-01T09:28:15Z" grpc.time_ms=1.211 span.kind=server system=grpcBeta Was this translation helpful? Give feedback.
All reactions