$ oc edit argocd [argocd-instance-name] -n [namespace]
By default, if you are logged in to Argo CD using Red Hat SSO (RH SSO), you are a read-only user. You can change and manage the user level access.
To manage and modify the user level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).
Edit the argocd
CR:
$ oc edit argocd [argocd-instance-name] -n [namespace]
metadata
...
...
rbac:
policy: 'g, rbacsystem:cluster-admins, role:admin'
scopes: '[groups]'
Add the policy
configuration to the rbac
section and add the name
and the desired role
to be applied to the user:
metadata
...
...
rbac:
policy: g, <name>, role:<admin>
scopes: '[groups]'
Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level. |
By default, the RHSSO container is created with resource requests and limitations. You can change and manage the resource requests.
Resource | Requests | Limits |
---|---|---|
CPU |
500 |
1000m |
Memory |
512 Mi |
1024 Mi |
Modify the default resource requirements patching the Argo CD custom resource (CR):
$ oc -n openshift-gitops patch argocd openshift-gitops --type='json' -p='[{"op": "add", "path": "/spec/sso", "value": {"provider": "keycloak", "resources": {"requests": {"cpu": "512m", "memory": "512Mi"}, "limits": {"cpu": "1024m", "memory": "1024Mi"}} }}]'
RHSSO created by the Red Hat OpenShift GitOps only persists the changes that are made by the operator. If the RHSSO restarts, any additional configuration created by the Admin in RHSSO is deleted. |