Since few weeks now, the operator Red Hat OpenShift GitOps became GA and embbed tools like Tekton and ArgoCD.

When the operator is deployed, it provisions a vanilla ArgoCD which miss the OpenShift integrated login. In this post, we are going to review the steps to enable it.

Deploy and fine tune the Red Hat OpenShift GitOps

1. Follow the official documentation on the installation of the operator
2. Once the operator is deployed, go to the menu Operators>Installed Operators and click on the freshly deployed Red Hat OpenShift GitOps
3. Using the dropdown Actions on top right of the page, choose Edit Subscription
4. On the YAML code, under the spec level, enable the DEX feature to enable external authentication and click Save

...
spec:
  config:
    env:
      - name: DISABLE_DEX
        value: 'false'
...

oc patch subscription openshift-gitops-operator -n openshift-operators --type=merge -p='{"spec":{"config":{"env":[{"name":"DISABLE_DEX","Value":"false"}]}}}'

Configure ArgoCD to allow OpenShift authentication

1. Change the project to openshift-gitops
2. Go to the menu Operators>Installed Operators and click on Red Hat OpenShift GitOps, select tab Argo CD
3. On the ArgoCD instance list, click on the three dots at the very left of the openshift-gitops and select Edit ArgoCD
4. On the YAML code, under the spec level, update the DEX and RBAC section to match the following

...
spec:
  dex:
    openShiftOAuth: true
  rbac:
    defaultPolicy: 'role:readonly'
    policy: |
      g, system:cluster-admins, role:admin
    scopes: '[groups]'
...

oc patch argocd openshift-gitops -n openshift-gitops --type=merge -p='{"spec":{"dex":{"openShiftOAuth":true},"rbac":{"defaultPolicy":"role:readonly","policy":"g, system:cluster-admins, role:admin","scopes":"[groups]"}}}'

1. Monitor the pods being restared to apply the configuration and test your login