Option to change namespace for "argocd-manager" ServiceAccount

[wecger]

Issue:
Right now the argocd CLI always wants to add the ServiceAccount to the namespace kube-system. If you are running in an environment which limits the access to the kube-system namespace this might not be possible.

Suggested solution:
Add a switch to the argocd CLI and argocd cluster configuration to modify the namespace where the "argocd-manager" gets installed/looked up

[jessesuen]

Even today, it's actually fine to choose a different name for the service account, but just not convenient since the CLI does not have a flag to support it. A long as a valid token is inputted into Argo CD, it will work.

[jannfis]

As I'd also like to see this proposed enhancement in ArgoCD (we do work with a lot of clusters that do not allow us to create objects in kube-system namespace), I have hacked together the following change (and learned a little Go and a little more about ArgoCD on the way):

• the --sa-namespace switch to argocd's "cluster add" command for specifying the namespace to create argocd-manager SystemAccount object at when adding a cluster via CLI (tested on my local cluster)
• extension to server API's CreateFromKubeConfig() method to support specifying namespace where the SystemAccount object will be created when adding a cluster via API (untested)

The change should be non-breaking since specifying namespace name is optional. If not given, the previous value "kube-system" will be used as a default.

I hope I caught all places this might affect. The changes are there for review at my forked repository in the branch sa-namespace-feature (https://github.com/jannfis/argo-cd/tree/sa-namespace-feature). If you are interested, I'll happily send in a pull request.

[alexec]

Can this now be closed, or is more work needed?

[alexec]

No reply. Closing.