Argo CD: Creating Users, Passwords, and Permission Control


Preface

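The steps recorded here are based on version V2.5.10. They are mainly a memo for repeating the procedure later, and may also give a few pointers to anyone who runs into the same problem.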

Creating a user

Argo CD user management

Create the account in the argocd-cm ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  # add an additional local user with apiKey and login capabilities
  #   apiKey - allows generating API keys
  #   login - allows to login using UI
  accounts.alice: apiKey, login
  # disables user. User is enabled by default
  accounts.alice.enabled: "false"
  # example
  accounts.reader: apiKey, login

Log in to Argo CD and change the password

# argocd login argocd-server.argocd --password 'AAA' --username UUU

# argocd account update-password --account reader --current-password 'AAA' --new-password 'NEWPASSWORD'

Here, --current-password is the password of the logged-in user.

Setting up a token

The prerequisite is that the user has been granted the apiKey capability.

# argocd account generate-token --account 'reader'
eyJhbGciOiJIUzI1NiIsInVCJ9.eyJpc3MiOiJhcmdYW9iaWxpbmc6YXBpS2V5IiwibmJmIjoxNjgyMjIyNDYwLCJpYXQiOjE2ODIyM

Setting permissions

Argo CD permission management

Set the permissions in the argocd-rbac-cm ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:org-admin, applications, *, */*, allow
    p, role:org-admin, clusters, get, *, allow
    p, role:org-admin, repositories, get, *, allow
    p, role:org-admin, repositories, create, *, allow
    p, role:org-admin, repositories, update, *, allow
    p, role:org-admin, repositories, delete, *, allow

    g, TestEngineering, role:org-admin
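
The two ConfigMaps above are edited separately, so it is easy to lose track of which local account ends up with which role. The following audit sketch is an added example, not part of the original post or of Argo CD itself: it cross-references the `accounts.*` keys with the `g` bindings in `policy.csv`. The function name `audit_accounts`, the dictionary layout, and the `g, alice, role:org-admin` line are assumptions made for illustration.

```python
import re

# Constructed sample: the `data` keys of argocd-cm and argocd-rbac-cm from this page,
# plus a hypothetical `g, alice, role:org-admin` binding added for illustration.
ARGOCD_CM = {
    "accounts.alice": "apiKey, login",
    "accounts.alice.enabled": "false",
    "accounts.reader": "apiKey, login",
}
RBAC_CM = {
    "policy.default": "role:readonly",
    "policy.csv": """
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
g, TestEngineering, role:org-admin
g, alice, role:org-admin
""",
}

def audit_accounts(cm, rbac):
    """Return one record per local account: capabilities, enabled flag, role bindings."""
    bindings = {}
    for line in rbac.get("policy.csv", "").splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3 and fields[0] == "g":  # g, <subject>, <role>
            bindings.setdefault(fields[1], []).append(fields[2])
    report = {}
    for key, value in cm.items():
        m = re.fullmatch(r"accounts\.([^.]+)", key)  # skips accounts.<name>.enabled
        if not m:
            continue
        name = m.group(1)
        caps = {c.strip() for c in value.split(",") if c.strip()}
        enabled = cm.get(f"accounts.{name}.enabled", "true").lower() != "false"
        roles = bindings.get(name, [])
        report[name] = {
            "capabilities": sorted(caps),
            "enabled": enabled,
            "roles": roles,                  # explicit g bindings only
            "default_only": not roles,       # nothing but policy.default applies
            "default_role": rbac.get("policy.default", ""),
            "api_key_active": enabled and "apiKey" in caps,
        }
    return report

if __name__ == "__main__":
    for name, info in audit_accounts(ARGOCD_CM, RBAC_CM).items():
        print(name, info)
```

On the sample data, `reader` has an active apiKey capability and no explicit binding, so it only has whatever `policy.default` grants; accounts flagged `api_key_active` with broad roles are the ones to review first.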