Governance Policies for GitOps Applications
next fiscal quarter
E
Electronic Emu
Currently, Harness doesn't support governance policies for GitOps resources. We'd like the ability to prohibit our users from changing the targetRevision or syncing a different ref to an existing application.
Log In
C
Comprehensive Thrush
You can create and use project to restrict application sync and other argocd/k8s entity access at the ArgoCD level via the declarative config option today.
We will add project setup and management via the UI next quarter.
C
Comprehensive Thrush
next fiscal quarter
We will have a labels based solution for limiting sync for specific actions this quarter.
Sudarshan Purohit
planned
Sudarshan Purohit
Thank you for your feature request, Electronic Emu. We will likely be able to achieve this in parts (allowing more granular sync permissions as one feature, and linkage of Service and Environment name labels, as another feature). Let us get back to you on the timelines for the first item shortly.
C
Comprehensive Thrush
under review
E
Electronic Emu
Currently the gitops SYNC permission is all or nothing. For instance, I want developer role to be able to SYNC only applications that correspond to non production environment. The Tech lead role should be able to SYNC both non production and production environment. As an extension, I want the ability to provide the service name and environment name labels associated with a Gitops applications using regex when granting SYNC permission.