The Red Hat OpenShift GitOps operator has been GA for a few weeks now and embeds tools like Tekton and ArgoCD.
When the operator is deployed, it provisions a vanilla ArgoCD instance which lacks the OpenShift integrated login. In this post, we are going to review the steps to enable it.
Deploy and fine tune the Red Hat OpenShift GitOps
- Follow the official documentation on the installation of the operator
- Once the operator is deployed, go to the menu Operators>Installed Operators and click on the freshly deployed Red Hat OpenShift GitOps
- Using the Actions dropdown at the top right of the page, choose Edit Subscription
- In the YAML, under the spec level, enable the Dex feature to allow external authentication and click Save
...
spec:
  config:
    env:
      - name: DISABLE_DEX
        value: 'false'
...
or
oc patch subscription openshift-gitops-operator -n openshift-operators --type=merge -p='{"spec":{"config":{"env":[{"name":"DISABLE_DEX","value":"false"}]}}}'
Configure ArgoCD to allow OpenShift authentication
- Change the project to openshift-gitops
- Go to the menu Operators>Installed Operators, click on Red Hat OpenShift GitOps and select the Argo CD tab
- In the ArgoCD instance list, click on the three dots at the very left of the openshift-gitops instance and select Edit ArgoCD
- In the YAML, under the spec level, update the dex and rbac sections to match the following
...
spec:
  dex:
    openShiftOAuth: true
  rbac:
    defaultPolicy: 'role:readonly'
    policy: |
      g, system:cluster-admins, role:admin
    scopes: '[groups]'
...
or
oc patch argocd openshift-gitops -n openshift-gitops --type=merge -p='{"spec":{"dex":{"openShiftOAuth":true},"rbac":{"defaultPolicy":"role:readonly","policy":"g, system:cluster-admins, role:admin","scopes":"[groups]"}}}'
- Monitor the pods being restarted to apply the configuration and test your login
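To confirm the resource ended up with the settings above, the following added example (not part of the original post or of the operator) audits the JSON that `oc get argocd openshift-gitops -n openshift-gitops -o json` prints and lists any deviation, including extra `role:admin` bindings. The sample document is constructed, and the function names `admin_subjects` and `audit` are hypothetical.

```python
import json

# Constructed sample: only the fields this check reads, in the shape that
# `oc get argocd openshift-gitops -n openshift-gitops -o json` prints.
SAMPLE = json.loads(r"""
{"spec": {"dex": {"openShiftOAuth": true},
          "rbac": {"defaultPolicy": "role:readonly",
                   "policy": "g, system:cluster-admins, role:admin\n",
                   "scopes": "[groups]"}}}
""")

EXPECTED_ADMINS = {"system:cluster-admins"}  # the only admin binding in the post


def admin_subjects(policy):
    """Subjects bound to role:admin by 'g, <subject>, <role>' policy lines."""
    bound = set()
    for line in policy.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3 and fields[0] == "g" and fields[2] == "role:admin":
            bound.add(fields[1])
    return bound


def audit(argocd):
    """Return deviations from the post's settings; an empty list is a match."""
    spec = argocd.get("spec") or {}
    rbac = spec.get("rbac") or {}
    findings = []
    if (spec.get("dex") or {}).get("openShiftOAuth") is not True:
        findings.append("spec.dex.openShiftOAuth is not true")
    default = rbac.get("defaultPolicy")
    if default != "role:readonly":
        findings.append(f"spec.rbac.defaultPolicy is {default!r}, not 'role:readonly'")
    if rbac.get("scopes") != "[groups]":
        findings.append("spec.rbac.scopes is not '[groups]'")
    # Any admin binding beyond the one in the post deserves a review.
    for subject in sorted(admin_subjects(rbac.get("policy") or "") - EXPECTED_ADMINS):
        findings.append(f"unexpected role:admin binding for {subject}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["ArgoCD resource matches the post's settings"]:
        print(line)
```

To run it against a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the `oc get` output into the script.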