Changeset View
Changeset View
Standalone View
Standalone View
sysadm/deployment/argocd.rst
Show First 20 Lines • Show All 129 Lines • ▼ Show 20 Lines | To create a new application: | ||||||||||
- Declare a new ArgoCD application in ``k8s-clusters-conf/argocd/application/<cluster-name>/<application>-application.yaml`` | - Declare a new ArgoCD application in ``k8s-clusters-conf/argocd/application/<cluster-name>/<application>-application.yaml`` | ||||||||||
.. warning:: We are trying when it's possible to always use helm charts to deploy a service. | .. warning:: We are trying when it's possible to always use helm charts to deploy a service. | ||||||||||
You can find some other applications used to deploy helm based services in the repository. | You can find some other applications used to deploy helm based services in the repository. | ||||||||||
More information about the application configuration can also be found in the `official ArgoCD documentation <https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/>`__ | More information about the application configuration can also be found in the `official ArgoCD documentation <https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/>`__ | ||||||||||
Manage users | |||||||||||
------------ | |||||||||||
This documentation is based on the `official user management documentation <https://archive.softwareheritage.org/swh:1:cnt:c0a70eae47429de31f5eb3eb707ad2a498bee0ab;origin=https://github.com/argoproj/argo-cd;visit=swh:1:snp:2ea44c7c86241d081851907e778a41260304d898;anchor=swh:1:rev:a773b1effb6f59be14176c6402a9a69c4b480275;path=/docs/operator-manual/user-management/index.md>`__ (archived link) | |||||||||||
Prerequisite | |||||||||||
~~~~~~~~~~~~ | |||||||||||
ardumontUnsubmitted Not Done Inline Actions
ardumont: | |||||||||||
The argocd cli will be necessary to perform some action relative to the user management. | |||||||||||
Add a user | |||||||||||
~~~~~~~~~~ | |||||||||||
- Add the user on the `argo-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`__ file | |||||||||||
- Add the user role on the `argocd-rbac-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-rbac-cm.yaml>`__ file | |||||||||||
If no role is specified, the user will only have a read-only access | |||||||||||
.. code:: yaml | |||||||||||
g, <user>, role:admin | |||||||||||
- Commit and push your changes, wait a couple of minutes to let ArgoCD apply the changes | |||||||||||
- Modify the user password with the cli | |||||||||||
.. code:: bash | |||||||||||
$ # Check the user is created | |||||||||||
$ argocd --grpc-web account list | |||||||||||
NAME ENABLED CAPABILITIES | |||||||||||
admin true login | |||||||||||
newuser true apiKey, login | |||||||||||
$ # update its password | |||||||||||
$ argocd --grpc-web account update-password --account newuser | |||||||||||
*** Enter password of currently logged in user (admin): | |||||||||||
*** Enter new password for user newuser: XXX | |||||||||||
*** Confirm new password for user newuser: XXX | |||||||||||
Password updated | |||||||||||
Disable a user | |||||||||||
~~~~~~~~~~~~~~ | |||||||||||
- Add the following line in the `argocd-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`__ file | |||||||||||
.. code:: yaml | |||||||||||
accounts.usertodisable.enabled: "false" | |||||||||||
- Commit and push your change, wait a couple of minutes to let ArgoCD apply the changes | |||||||||||
Not Done Inline Actions
ardumont: | |||||||||||
- Ensure the user is disabled | |||||||||||
.. code:: bash | |||||||||||
$ argocd --grpc-web account list | |||||||||||
NAME ENABLED CAPABILITIES | |||||||||||
admin true login | |||||||||||
usertodisable false apiKey, login | |||||||||||
Delete a user | |||||||||||
~~~~~~~~~~~~~ | |||||||||||
- Remove the changes committed in the `Add a user` procedure | |||||||||||
- Commit and push your changes, wait a couple of minutes to let ArgoCD apply the changes | |||||||||||
Not Done Inline Actions
ardumont: | |||||||||||
- Ensure the user is deleted | |||||||||||
.. code:: bash | |||||||||||
$ argocd --grpc-web account list | |||||||||||
NAME ENABLED CAPABILITIES | |||||||||||
admin true login |