There are 2 solutions how to configure the AppProject, role & permissions incl. For example, a CI system may only be able to sync a single app (but not change its source or destination). These can be used to give a CI pipeline a restricted set of permissions. Projects include a feature called roles that enable automated access to a project's applications.
ArgoCD projects have the ability to define Project roles:
And with such a AppProject you don't even need to create a user like tekton in the ConfigMap argocd-cm. Specified by fault field of the argocd-rbac-cm ConfigMap.īut these additional RBAC rules could be setup the simplest using ArgoCD Projects. RBAC rules set up, otherwise they will fall back to the default policy When you create local users, each of those users will need additional The problem is mentioned in Argo's useraccounts docs: Or perhaps the article is suggesting the repo is dedicated only to Terraform. These don't require provisioning new infrastructure, as the code is just placed onto existing infrastructure. For example, this article says "anytime there is a push to the src directory it will kick off the action which will have Terraform deploy the changes made to your website."īut doesn't this only make sense if the change you are making is related to provisioning infrastructure? Why would you want any code push to trigger a Terraform job if most pushes to the codecase have nothing to do with provisioning new infrastrucutre? Aren't most code pushes things like changing some CSS on the website, or adding a function to a back-end node script. It makes sense that anytime one wants to provision something different in their infrastructure that a CI/CD pipeline would add visibility and repeatability to an otherwise manual process.īut some article make it sound as though Terraform is doing the deploying of any change.
You see a lot of articles on combining GitHub actions with Terraform.
0 kommentar(er)
