OpsMx
Ask or search…
K
Links

Create new account for Argo CD with API key and RBAC permissions

Following are the sequence of activities for creating a new account for Argo CD with API key and RBAC permissions.

Add account to Argo CD via configmap

  1. 1.
    Get the configmap argocd-cm of Argo CD by executing the below command.
    kubectl get configmap argocd-cm -n argocd -o yaml > argocd-cm.yml
  2. 2.
    Edit the configmap file argocd-cm.yml and add the below line under "data" with new account which has API Key and login.
    data:
    accounts.argo-account: apiKey, login
    Note: Please note that in the above command “argo-account” is the new account name. You are free to choose any name for your account.
  3. 3.
    Apply the configmap by executing the below command . This will add a new account and allow that account to process an API key as well as login via the Command Line Interface and Graphical User Interface.
    kubectl apply -f argocd-cm.yml -n argocd

Add RBAC admin permission to user via configmap

  1. 1.
    Get the configmap argocd-rbac-cm of Argo CD by executing the below command.
    kubectl get configmap argocd-rbac-cm -n argocd -o yaml > argocd-rbac-cm.yml
  2. 2.
    Edit the configmap file argocd-rbac-cm.yml and add the below section under "data" which has admin role permissions.
    data:
    policy.csv: |
    g, argo-account, role:admin
    Note: Please note that,by default Argo CD has admin and read-only roles.
  3. 3.
    Apply the configmap by executing the below command. This will add admin permission to account.
    kubectl apply -f argocd-rbac-cm.yml -n argocd

Create password for new Argo CD account

  1. 1.
    Login into Argo CD as an admin account via Argo CLI by executing the below command.
    argocd login SERVER
  2. 2.
    Create password to the new account by executing the below command. Password should contain at least one UPPERCASE.
    argocd account update-password --account argo-account --current-password current-admin-password --new-password Argo-password
    Note: Replace the “argo-account” in the above command with your new Argo account and the “current-admin-password” with the current logged in admin password.
  3. 3.
    Generate token to the account. For the detailed information, refer here.