1. Documentation
    2. history bug_report picture_as_pdf
×

Configuring Argo CD RBAC

By default, any type of user, except the kube:admin user, logged into the default Argo CD instance does not have access to any services. But a user logged into a custom Argo CD instance is a read-only user by default.

In Red Hat OpenShift GitOps v1.9.0 or earlier versions, any type of user, except the kube:admin user, logged into Argo CD using Red Hat SSO (RH SSO) is a read-only user by default.

Configuring user level access

To manage and modify the user level access, configure the role-based access control (RBAC) section in the Argo CD custom resource (CR).

Procedure

  1. Edit the argocd CR:

    $ oc edit argocd [argocd-instance-name] -n [namespace]
    Output
    metadata
...
...
  rbac:
    policy: 'g, rbacsystem:cluster-admins, role:admin'
    scopes: '[groups]'

  2. Add the policy configuration to the rbac section and add the name, email and the role of the user:

    metadata
...
...
rbac:
    policy: <name>, <email>, role:<admin>
    scopes: '[groups]'

Currently, RHSSO cannot read the group information of Red Hat OpenShift GitOps users. Therefore, configure the RBAC at the user level.