Questo contenuto non è disponibile nella lingua selezionata.
Chapter 1. Configuring Argo CD RBAC
By default, any type of user, except the kube:admin
user, logged into the default Argo CD instance does not have access to any services. But a user logged into a custom Argo CD instance is a read-only user by default.
In Red Hat OpenShift GitOps v1.9.0 or earlier versions, any type of user, except the kube:admin
user, logged into Argo CD using Red Hat SSO (RH SSO) is a read-only user by default.
1.1. Configuring user level access
To manage and modify the user level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).
Procedure
Edit the
argocd
CR:$ oc edit argocd [argocd-instance-name] -n [namespace]
Output
metadata ... ... rbac: policy: 'g, rbacsystem:cluster-admins, role:admin' scopes: '[groups]'
Add the
policy
configuration to therbac
section and add thename
and the desiredrole
to be applied to the user:metadata ... ... rbac: policy: g, <name>, role:<admin> scopes: '[groups]'
Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.