30
Enable OpenShift login on ArgoCD from GitOps Operator
source link: https://dev.to/camptocamp-ops/enable-openshift-login-on-argocd-from-gitops-2h9a
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Since few weeks now, the operator Red Hat OpenShift GitOps became GA and embbed tools like Tekton and ArgoCD.
When the operator is deployed, it provisions a vanilla ArgoCD which miss the OpenShift integrated login. In this post, we are going to review the steps to enable it.
Deploy and fine tune the Red Hat OpenShift GitOps
- Follow the official documentation on the installation of the operator
- Once the operator is deployed, go to the menu Operators>Installed Operators and click on the freshly deployed Red Hat OpenShift GitOps
- Using the dropdown Actions on top right of the page, choose Edit Subscription
- On the YAML code, under the spec level, enable the DEX feature to enable external authentication and click Save
...
spec:
config:
env:
- name: DISABLE_DEX
value: 'false'
...
Enter fullscreen modeExit fullscreen mode
oc patch subscription openshift-gitops-operator -n openshift-operators --type=merge -p='{"spec":{"config":{"env":[{"name":"DISABLE_DEX","Value":"false"}]}}}'
Enter fullscreen modeExit fullscreen mode
Configure ArgoCD to allow OpenShift authentication
- Change the project to openshift-gitops
- Go to the menu Operators>Installed Operators and click on Red Hat OpenShift GitOps, select tab Argo CD
- On the ArgoCD instance list, click on the three dots at the very left of the openshift-gitops and select Edit ArgoCD
- On the YAML code, under the spec level, update the DEX and RBAC section to match the following
...
spec:
dex:
openShiftOAuth: true
rbac:
defaultPolicy: 'role:readonly'
policy: |
g, system:cluster-admins, role:admin
scopes: '[groups]'
...
Enter fullscreen modeExit fullscreen mode
oc patch argocd openshift-gitops -n openshift-gitops --type=merge -p='{"spec":{"dex":{"openShiftOAuth":true},"rbac":{"defaultPolicy":"role:readonly","policy":"g, system:cluster-admins, role:admin","scopes":"[groups]"}}}'
Enter fullscreen modeExit fullscreen mode
- Monitor the pods being restared to apply the configuration and test your login
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK