Chapter 1. Configuring Argo CD RBAC
By default, if you are logged in to Argo CD using Red Hat SSO (RH SSO), you are a read-only user. You can change and manage the user level access.
1.1. Configuring user level access
To manage and modify the user level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).
Procedure
Edit the
argocdCR:$ oc edit argocd [argocd-instance-name] -n [namespace]
Output
metadata ... ... rbac: policy: 'g, rbacsystem:cluster-admins, role:admin' scopes: '[groups]'Add the
policyconfiguration to therbacsection and add thenameand the desiredroleto be applied to the user:metadata ... ... rbac: policy: g, <name>, role:<admin> scopes: '[groups]'
Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.
1.2. Modifying RHSSO resource requests/limits
By default, the RHSSO container is created with resource requests and limitations. You can change and manage the resource requests.
| Resource | Requests | Limits |
|---|---|---|
| CPU | 500 | 1000m |
| Memory | 512 Mi | 1024 Mi |
Procedure
- Modify the default resource requirements patching the Argo CD custom resource (CR):
$ oc -n openshift-gitops patch argocd openshift-gitops --type='json' -p='[{"op": "add", "path": "/spec/sso", "value": {"provider": "keycloak", "resources": {"requests": {"cpu": "512m", "memory": "512Mi"}, "limits": {"cpu": "1024m", "memory": "1024Mi"}} }}]'RHSSO created by the Red Hat OpenShift GitOps only persists the changes that are made by the operator. If the RHSSO restarts, any additional configuration created by the Admin in RHSSO is deleted.
