加用户步骤:
修改argocd-cm,添加data
data:
accounts.linyanzhi: login /添加linyanzhi登录账号
# disables user. User is enabled by default
accounts.linyanzhi.enabled: "enable" /启用linyanzhi账号
修改密码:
argocd account update-password --account linyanzhi --current-password argocd-server-ABCDEFG --new-password linyanzhi123
用户权限控制:修改cm下的argocd-rbac-cm
data:
policy.csv: |
p, linyanzhi, *, *, lixian/*, allow -----p是policy,用户名,要使用的资源,要使用的方法,项目,allow或deny
#policy.default: role:readonly -----默认策略
scopes: '[accounts]'
线上例子参考:
data:
policy.csv: |
p, hub, applications, get, lixian/*, deny
p, hub_viewer, applications, get, */*, allow
p, hub_admin, *, *, */*, allow
p, hub_admin, projects, *, *, allow
p, lixian_admin, applications, *, lixian/*, allow
p, lixian_admin, certificates, *, *, allow
p, lixian_admin, clusters, *, *, allow
p, lixian_admin, repositories, *, *, allow
p, lixian_admin, projects, *, lixian, allow
p, lixian_admin, accounts, *, *, allow
p, lixian_admin, gpgkeys, get, *, allow
p, lixian_readonly, applications, get, lixian/*, allow
参考文档:
用户管理:https://argoproj.github.io/argo-cd/operator-manual/user-management/
RBAC控制:https://argoproj.github.io/argo-cd/operator-manual/rbac/