docs: Add Installation Warning and Kustomize Guide (argoproj#19874)

* Update installation docs: Add warning for ClusterRoleBinding and custom namespace Signed-off-by: nueavv <nuguni@kakao.com> * Add support for installing Argo CD in custom namespace using Kustomize Signed-off-by: nueavv <nuguni@kakao.com> * remove clusterrolebinding name Signed-off-by: nueavv <nuguni@kakao.com> --------- Signed-off-by: nueavv <nuguni@kakao.com>
AmadeusITGroup · Sep 11, 2024 · ad399c0 · ad399c0
1 parent f980187
commit ad399c0
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/docs/operator-manual/installation.md b/docs/operator-manual/installation.md
@@ -21,6 +21,9 @@ Not recommended for production use. This type of installation is typically used
   in (i.e. kubernetes.svc.default). It will still be able to deploy to external clusters with inputted
   credentials.
 
+  > Note: The ClusterRoleBinding in the installation manifest is bound to a ServiceAccount in the argocd namespace. 
+  > Be cautious when modifying the namespace, as changing it may cause permission-related errors unless the ClusterRoleBinding is correctly adjusted to reflect the new namespace.
+
 * [namespace-install.yaml](https://github.com/argoproj/argo-cd/blob/master/manifests/namespace-install.yaml) - Installation of Argo CD which requires only
   namespace level privileges (does not need cluster roles). Use this manifest set if you do not
   need Argo CD to deploy applications in the same cluster that Argo CD runs in, and will rely solely
@@ -78,6 +81,29 @@ resources:
 For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml)
 used to deploy the [Argoproj CI/CD infrastructure](https://github.com/argoproj/argoproj-deployments#argoproj-deployments).
 
+#### Installing Argo CD in a Custom Namespace
+If you want to install Argo CD in a namespace other than the default argocd, you can use Kustomize to apply a patch that updates the ClusterRoleBinding to reference the correct namespace for the ServiceAccount. This ensures that the necessary permissions are correctly set in your custom namespace.
+
+Below is an example of how to configure your kustomization.yaml to install Argo CD in a custom namespace:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: <your-custom-namespace>
+resources:
+  - https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml
+
+patches:
+  - patch: |-
+      - op: replace
+        path: /subjects/0/namespace
+        value: <your-custom-namespace>
+    target:
+      kind: ClusterRoleBinding
+```
+
+This patch ensures that the ClusterRoleBinding correctly maps to the ServiceAccount in your custom namespace, preventing any permission-related issues during the deployment.
+
 ## Helm
 
 The Argo CD can be installed using [Helm](https://helm.sh/). The Helm chart is currently community maintained and available at