From b5d85f6059472e588672c7a24319c1ab4d3c0265 Mon Sep 17 00:00:00 2001
From: mikutas <23391543+mikutas@users.noreply.github.com>
Date: Wed, 9 Oct 2024 13:09:13 +0900
Subject: [PATCH] feat: forbid role:admin to delete resources

---
 apps/argo-cd/values.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/argo-cd/values.yaml b/apps/argo-cd/values.yaml
index 2b2ec21..1f7c241 100644
--- a/apps/argo-cd/values.yaml
+++ b/apps/argo-cd/values.yaml
@@ -32,6 +32,8 @@ argo-cd:
       "applicationsetcontroller.policy": create-update
       "server.insecure": true
     rbac:
+      policy.csv: |
+        p, role:admin, applications, delete, argo-cd/*, deny
       # https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#default-policy-for-authenticated-users
       policy.default: role:admin
     styles: |