This is a cache of https://docs.openshift.com/container-platform/4.10/cicd/gitops/configuring-argo-cd-rbac.html. It is a snapshot of the page at 2024-11-27T16:54:56.258+0000.
Configuring Argo CD RBAC - GitOps | CI/CD | OpenShift Container Platform 4.10
×

By default, if you are logged into Argo CD using RHSSO, you are a read-only user. You can change and manage the user level access.

Configuring user level access

To manage and modify the user level access, configure the RBAC section in Argo CD custom resource.

Procedure
  • Edit the argocd Custom Resource:

    $ oc edit argocd [argocd-instance-name] -n [namespace]
    Output
    metadata
    ...
    ...
      rbac:
        policy: 'g, rbacsystem:cluster-admins, role:admin'
        scopes: '[groups]'
  • Add the policy configuration to the rbac section and add the name, email and the role of the user:

    metadata
    ...
    ...
    rbac:
        policy: <name>, <email>, role:<admin>
        scopes: '[groups]'

Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.

Modifying RHSSO resource requests/limits

By default, the RHSSO container is created with resource requests and limitations. You can change and manage the resource requests.

Resource Requests Limits

CPU

500

1000m

Memory

512 Mi

1024 Mi

Procedure

Modify the default resource requirements patching the Argo CD CR:

$ oc -n openshift-gitops patch argocd openshift-gitops --type='json' -p='[{"op": "add", "path": "/spec/sso", "value": {"provider": "keycloak", "resources": {"requests": {"cpu": "512m", "memory": "512Mi"}, "limits": {"cpu": "1024m", "memory": "1024Mi"}} }}]'

RHSSO created by the Red Hat OpenShift GitOps only persists the changes that are made by the operator. If the RHSSO restarts, any additional configuration created by the Admin in RHSSO is deleted.