You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sync windows should be defined as CRDs which are referenceable by projects, apps, and globally.
Motivation
At Intuit, we've encountered places where we'd like to define a sync window for an application without enforcing that sync window for all apps in that project (or creating a single project per app).
Others have wanted to enforce a global sync window for a whole company without either using a single project for everything (terrible for security) or duplicating sync windows across a bunch of projects.
It would also be nice to allow for self-service sync windows by non-admins. The ability to update an AppProject is effectively admin access. By separating it into a CRD, admins can allow users to create and update sync windows without granting them full admin capability.
Proposal
The CRD:
apiVersion: argoproj.io/v1alpha1kind: SyncWindowmetadata:
name: my-sync-windownamespace: argocd # there's no reason this couldn't also be in other namespacesspec:
syncWindows: # allow multiple for easy transition from projects
- kind: allowschedule: '10 1 * * *'duration: 1happlications:
- '*-prod'manualSync: true
- kind: denyschedule: '0 22 * * *'duration: 1hnamespaces:
- default
- kind: allowschedule: '0 23 * * *'duration: 1hclusters:
- in-cluster
- cluster1
I've just run into this; our organization wants all developers to limit their deployment activity at the end of the week, but has no interest in any mechanism to do so and would rather each developer go through a modified approval process or to wait until the following week. I wanted to try sync windows to ease the situation. Unfortunately almost all applications are under the same AppProject, and only a select few people have permissions, so I can't apply a sync window for my applications.
Making it possible to define a SyncWindow resource would be great!
Summary
Sync windows should be defined as CRDs which are referenceable by projects, apps, and globally.
Motivation
At Intuit, we've encountered places where we'd like to define a sync window for an application without enforcing that sync window for all apps in that project (or creating a single project per app).
Others have wanted to enforce a global sync window for a whole company without either using a single project for everything (terrible for security) or duplicating sync windows across a bunch of projects.
It would also be nice to allow for self-service sync windows by non-admins. The ability to update an AppProject is effectively admin access. By separating it into a CRD, admins can allow users to create and update sync windows without granting them full admin capability.
Proposal
The CRD:
Reference from project:
Reference from application:
Reference from argocd-cm (global):
The text was updated successfully, but these errors were encountered: