ArgoCD RBAC - Almax84/consulting-wiki GitHub Wiki

1. Create group oc adm groups new argocd
2. Add user to group oc adm groups add-users argocd admin
3. Edit ArgoCD operator CRD: oc edit argocd openshift-gitops
4. add permissions:

    defaultPolicy: ""
    policy: |
      g, system:cluster-admins, role:admin
      g, cluster-admins, role:admin
      g, argocd, role:admin
    scopes: '[groups]'

https://access.redhat.com/solutions/6955405

Come è la risorsa con CNPADC TEST

apiVersion: v1
data:
  policy.csv: |
    g, system:cluster-admins, role:admin
    g, cluster-admins, role:admin
    g, argocd, role:admin
  policy.default: role:admin
  scopes: '[groups]'
kind: ConfigMap
metadata:
  creationTimestamp: "2022-04-26T14:06:19Z"
  labels:
    app.kubernetes.io/managed-by: openshift-gitops
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-rbac-cm
  namespace: openshift-gitops
  ownerReferences:
  - apiVersion: argoproj.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: ArgoCD
    name: openshift-gitops
    uid: 9088024a-ef2c-4a6e-aa3d-fa08fd808ea0
  resourceVersion: "64456338"
  uid: ad621011-815e-406c-b95b-e9a49131ad54  

Come è in PROD

apiVersion: v1
data:
  policy.csv: |
    g, system:cluster-admins, role:admin
    g, cluster-admins, role:admin
    g, argocd, role:admin
  policy.default: ""
  scopes: '[groups]'
kind: ConfigMap
metadata:
  creationTimestamp: "2022-04-26T14:07:14Z"
  labels:
    app.kubernetes.io/managed-by: openshift-gitops
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-rbac-cm
  namespace: openshift-gitops
  ownerReferences:
  - apiVersion: argoproj.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: ArgoCD
    name: openshift-gitops
    uid: e42d333e-3aee-412c-b906-fc7a1310efca
  resourceVersion: "30228408"
  uid: 99f414f4-9162-4f1e-8b0c-46e4212f2de9