diff --git a/docs/user-guide/projects.md b/docs/user-guide/projects.md index 5a8fc9a01a204..6e289457d0fb4 100644 --- a/docs/user-guide/projects.md +++ b/docs/user-guide/projects.md @@ -9,7 +9,7 @@ Projects provide a logical grouping of applications, which is useful when Argo C ### The Default Project -Every application belongs to a single project. If unspecified, an application belongs to the `default` project, which is created automatically and by default, permits deployments from any source repo, to any cluster, and all resource Kinds. The default project can be modified, but not deleted. When initially created, it's specification is configured to be the most permissive: +Every application belongs to a single project. If unspecified, an application belongs to the `default` project, which is created automatically and by default, permits deployments from any source repo, to any cluster, and all resource Kinds. When initially created, it's specification is configured to be the most permissive: ```yaml spec: @@ -23,6 +23,26 @@ spec: kind: '*' ``` +The `default` project can be modified, but not deleted. The project is useful for initial testing, but it is recommended to create dedicated projects with explicit source, destination, and resource permissions. + +To remove all permissions from the `default` project, apply the following manifest to the namespace where Argo CD is installed: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: default +spec: + sourceRepos: [] + sourceNamespaces: [] + destinations: [] + namespaceResourceBlacklist: + - group: '*' + kind: '*' +``` + +After you modify the `default` project, any application that attempts to use it will be denied until you explicitly move the application to a more permissive project. + ### Creating Projects Additional projects can be created to give separate teams different levels of access to namespaces. The following command creates a new project `myproject` which can deploy applications to namespace `mynamespace` of cluster `https://kubernetes.default.svc`. The permitted Git source repository is set to `https://github.com/argoproj/argocd-example-apps.git` repository.