Description
Is your feature request related to a problem? Please describe.
Feature. We're using ArgoCD to deploy applications to different remote clusters - however we only have access to resources inside a specific namespace. Is it possible to have ArgoCD operate at a namespace level only for certain remote clusters?
The documentation mentions it requires cluster-wide read and we can observe this in the logs, when trying to delete an application:
time="2019-09-11T06:33:44Z" level=info msg="Unable to delete application resources: pods is forbidden: User \"system:serviceaccount:saturn:argocd\" cannot list resource \"pods\" in API group \"\" at the cluster scope" application=test dest-namespace=saturn dest-server="https://k8s.dc01?__uid=saturn" reason=StatusRefreshed type=Warning
It would be really nice for those of us working with remote clusters managed by other teams to have an option to have argocd work in a specific namespace. We run argocd in our own cluster but are deploying applications to other clusters to specific namespaces where we only have access to the namespace we're deploying to.
Describe the solution you'd like
Option to scope resource reads to a namespace.
Workaround
Currently we update the argocd-cm configmap with the following:

```yaml
resource.exclusions: |
  - apiGroups:
    - "*"
    kinds:
    - "*"
    clusters:
    - https://k8s.dc01?__uid=saturn
```
This seems to work OK but does not give us as much visibility after the resources are created.
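The warning quoted above is a Kubernetes RBAC denial surfaced through an Argo CD log line, and the useful detail is the scope: the denied request was a `list` "at the cluster scope", which no namespaced Role can ever satisfy, whereas a denial "in the namespace X" can be fixed with a Role in X. The following script is an added example (not Argo CD's own code) that parses logfmt-style lines of the shape Argo CD writes, extracts the embedded "is forbidden" message, and reports whether a Role or a ClusterRole would be needed for that exact request. It assumes the `key=value` / `key="..."` log layout shown in the issue; the sample lines are constructed for the example, the first being the one quoted above and the second a made-up namespaced denial for contrast.

```python
"""Triage Kubernetes RBAC denials reported in Argo CD log lines.

Added example, not Argo CD code. Assumes logfmt-style output as in the issue
(key=value pairs, quoted values with backslash-escaped quotes).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# key=value or key="quoted value with \" escapes"
KV_RE = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S+)')

# Kubernetes RBAC denial text; the final alternative tells us the scope.
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)


@dataclass
class RbacDenial:
    user: str
    verb: str
    resource: str
    api_group: str
    namespace: Optional[str]      # None: the request was made at cluster scope
    application: Optional[str]
    dest_server: Optional[str]

    @property
    def cluster_scoped(self) -> bool:
        return self.namespace is None


def parse_fields(line: str) -> Dict[str, str]:
    """Split a logfmt line into a dict, unescaping quoted values."""
    fields: Dict[str, str] = {}
    for key, raw in KV_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def parse_denial(line: str) -> Optional[RbacDenial]:
    """Return the RBAC denial described by a log line, or None if there is none."""
    fields = parse_fields(line)
    m = FORBIDDEN_RE.search(fields.get("msg", ""))
    if m is None:
        return None
    return RbacDenial(
        user=m["user"], verb=m["verb"], resource=m["resource"],
        api_group=m["group"], namespace=m["namespace"],
        application=fields.get("application"),
        dest_server=fields.get("dest-server"),
    )


def minimal_grant(denial: RbacDenial) -> Dict[str, object]:
    """Smallest RBAC rule that would satisfy this exact request.

    A request made at the cluster scope (a list across all namespaces) needs a
    ClusterRole bound cluster-wide; a namespaced Role can never grant it, which
    is the limitation the issue describes.
    """
    return {
        "kind": "ClusterRole" if denial.cluster_scoped else "Role",
        "namespace": denial.namespace,
        "rule": {
            "apiGroups": [denial.api_group],
            "resources": [denial.resource],
            "verbs": [denial.verb],
        },
    }


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every line, keep the RBAC denials, attach the minimal grant."""
    out: List[Dict[str, object]] = []
    for line in lines:
        d = parse_denial(line)
        if d is not None:
            out.append({"user": d.user, "application": d.application,
                        "dest_server": d.dest_server, "grant": minimal_grant(d)})
    return out


# Constructed sample input: line 1 is the event quoted in the issue, line 2 a
# made-up namespaced denial for contrast, line 3 an unrelated info line.
SAMPLE_LINES = [
    'time="2019-09-11T06:33:44Z" level=info msg="Unable to delete application resources: '
    'pods is forbidden: User \\"system:serviceaccount:saturn:argocd\\" cannot list resource '
    '\\"pods\\" in API group \\"\\" at the cluster scope" application=test '
    'dest-namespace=saturn dest-server="https://k8s.dc01?__uid=saturn" '
    'reason=StatusRefreshed type=Warning',
    'time="2019-09-11T06:35:00Z" level=info msg="deployments.apps is forbidden: '
    'User \\"system:serviceaccount:saturn:argocd\\" cannot get resource \\"deployments\\" '
    'in API group \\"apps\\" in the namespace \\"saturn\\"" application=test '
    'dest-namespace=saturn dest-server="https://k8s.dc01?__uid=saturn" type=Warning',
    'time="2019-09-11T06:36:00Z" level=info msg="Refreshing app status" application=test',
]

if __name__ == "__main__":
    for item in triage(SAMPLE_LINES):
        print(item)
```

Running it on the sample lines reports the quoted event as needing a `ClusterRole` for `list` on `pods` in the core API group, and the contrasting line as satisfiable by a `Role` in `saturn`; the point for a namespace-only tenant is that the first kind of denial cannot be resolved by any grant inside the namespace, which is why the exclusion workaround above is the only option short of a namespace-scoped mode.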