Create New Account
$ kubectl edit cm argocd-cmapiVersion: v1
data:
accounts.dev: login
accounts.qa: login # 계정 추가
kind: ConfigMap
metadata:
annotations:
...Update Account Role
$ kubectl edit cm argocd-rbac-cmapiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
namespace: argocd
data:
policy.default: role:readonly
policy.csv: |
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
p, role:org-admin, repositories, get, *, allow
p, role:org-admin, repositories, create, *, allow
p, role:org-admin, repositories, update, *, allow
p, role:org-admin, repositories, delete, *, allow
p, role:org-admin, logs, get, *, allow
p, role:org-admin, exec, create, */*, allow
g, your-github-org:your-team, role:org-admin기본 제공 Role
- role:readonly - 모든 Resources에 대한 읽기 권한
- role:admin - 모든 Resources에 대한 전체 권한
RBAC 권한 구조
- All resources except application-specific permissions
p, <role/user/group>, <resource>, <action>, <object> - Applications, applicationsets, logs, and exec
p, <role/user/group>, <resource>, <action>, <appproject>/<object>
RBAC Resources and Actions
Resources
- clusters
- projects
- applications
- applicationsets
- repositories
- certificates
- accounts
- gpgkeys
- logs
- exec
Actions
- get
- create
- update
- delete
- sync
- override
- action/<group/kind/action-name>
sync, override, action/<group/kind/action-name>은 Application Resource에만 의미 있다
신규 계정 비밀번호 업데이트
$ argocd login $ARGOCD_DOMAIN --username $USER_NAME --password $PASSWORD$ argocd account list
$ argocd account update-password --account $USER_NAME --new-password $PASSWORD참조
https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
software engineer