This is a cache of https://docs.openshift.com/gitops/1.11/accesscontrol_usermanagement/configuring-argo-cd-rbac.html. It is a snapshot of the page at 2024-11-21T01:02:56.426+0000.
Configuring Argo CD RBAC | Access control and user management | Red Hat OpenShift GitOps 1.11

By default, if you are logged in to Argo CD using Red Hat SSO (RH SSO), you are a read-only user. You can change and manage the user-level access.

Configuring user-level access

To manage and modify the user-level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).

Procedure
  1. Edit the argocd CR:

    $ oc edit argocd [argocd-instance-name] -n [namespace]

     Output:

    metadata
    ...
    ...
      rbac:
        policy: 'g, rbacsystem:cluster-admins, role:admin'
        scopes: '[groups]'
  2. Add the policy configuration to the rbac section and add the name, email and the role of the user:

    metadata
    ...
    ...
    rbac:
        policy: <name>, <email>, role:<admin>
        scopes: '[groups]'

Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.
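The following shell functions are an added example, not part of the Red Hat documentation. They audit a policy string like the one in the rbac section and list the subjects bound to a given role, separating user-level (email) subjects from group-style ones, since RHSSO cannot read group information. The example assumes the upstream Argo CD policy CSV form "g, <subject>, <role>" and that the policy is stored at .spec.rbac.policy; the function names and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the RBAC policy string of an Argo CD CR.
# Assumption: upstream Argo CD policy CSV syntax, "g, <subject>, <role>".

# Constructed sample policy (not taken from a real cluster).
SAMPLE_POLICY='g, rbacsystem:cluster-admins, role:admin
g, alice@example.com, role:admin
# comment line
g, bob@example.com, role:readonly
p, role:deployer, applications, sync, */*, allow
g, carol@example.com, role:deployer'

# role_bindings ROLE: read policy CSV on stdin and print "<kind> <subject>"
# for every "g" line bound to ROLE. kind is "user" when the subject looks
# like an email address, otherwise "group".
role_bindings() {
  awk -F',' -v role="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                 # skip comment lines
    /^[ \t]*$/ { next }                 # skip blank lines
    trim($1) == "g" && trim($3) == role {
      subj = trim($2)
      kind = (subj ~ /^[^@ ]+@[^@ ]+$/) ? "user" : "group"
      print kind, subj
    }'
}

# group_admins: subjects bound to role:admin that are not user-level entries.
group_admins() {
  role_bindings role:admin | awk '$1 == "group" { print $2 }'
}

# Demo on the constructed sample. Against a live instance, feed the policy in
# with (placeholders as in the procedure above; field path is an assumption):
#   oc get argocd [argocd-instance-name] -n [namespace] \
#     -o jsonpath='{.spec.rbac.policy}' | role_bindings role:admin
printf '%s\n' "$SAMPLE_POLICY" | role_bindings role:admin
```

Review every subject listed for role:admin after each edit of the CR, because an unintended line in the policy grants full control of the Argo CD instance.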

Modifying RHSSO resource requests/limits

By default, the RHSSO container is created with resource requests and limits. You can change and manage the resource requests.

Resource   Requests   Limits
CPU        500        1000m
Memory     512 Mi     1024 Mi

Procedure
  • Modify the default resource requirements by patching the Argo CD custom resource (CR):

    $ oc -n openshift-gitops patch argocd openshift-gitops --type='json' -p='[{"op": "add", "path": "/spec/sso", "value": {"provider": "keycloak", "resources": {"requests": {"cpu": "512m", "memory": "512Mi"}, "limits": {"cpu": "1024m", "memory": "1024Mi"}} }}]'

The RHSSO instance created by Red Hat OpenShift GitOps persists only the changes that are made by the Operator. If RHSSO restarts, any additional configuration created by the administrator in RHSSO is deleted.