Command line login

Reference resources ：argocd Log in and log out ^[1]

Sign in ：

echo y | argocd login argocd-server.argocd.svc.cluster.local --password '[email protected]' --username admin

Log out ：

argocd logout argocd-server.argocd.svc.cluster.local

Create user 、 to grant authorization

Create user

Reference resources ： User management ^[2]

stay argocd/argocd-cm Add one gitops user , Generated apiKey and login jurisdiction .

apiVersion: v1
 data:
   accounts.gitops: apiKey, login
 kind: ConfigMap
 metadata:
   labels:
     app.kubernetes.io/name: argocd-cm
     app.kubernetes.io/part-of: argocd
   name: argocd-cm
   namespace: argocd

After modification , Will be hot loaded , No need to restart any services .

use admin After the user logs in , modify gitops The password for [email protected]（ Be careful current-password Is the password of the currently logged in user , If you use admin Logon , Namely admin Password ）

argocd account update-password \
  --account gitops \
  --current-password '[email protected]' \
  --new-password '[email protected]'

At this point, you can log in with the command line ：

echo y | argocd login argocd-server.argocd.svc.cluster.local --password '[email protected]' --username gitops

This user cannot see admin Build any resources （app、project、 Warehouse 、cluster etc. ）. to gitops User generated token：（ Generated in this way token Never expire , You can add --expires-in Parameter setting expiration time ）

# argocd account generate-token --account gitops
xxxx

Then you need login 了 , You need to specify the --server and --insecure

argocd app list --auth-token xxx --server argocd-server.argocd.svc.cluster.local --insecure

But use token The way , Every time you execute the command line, you need to add parameters , More complicated . direct login The post operation is simpler .

jurisdiction

Reference resources ：Rbac Access control ^[3]

Resources and actions include the following ：

Resources: clusters, projects, applications, repositories, certificates, accounts, gpgkeys, logs, exec Actions: get, create, update, delete, sync, override, action/<group/kind/action-name>

stay argocd-rbac-cm Configmaps Add the following policy.csv You can see that admin Created app、 Warehouse and other information ：

data:
   policy.csv: |
    p, role:gitops, applications, get, *, allow
    p, role:gitops, applications, create, *, allow
    p, role:gitops, applications, update, *, allow
    p, role:gitops, applications, sync, *, allow
    p, role:gitops, applications, override, *, allow
    p, role:gitops, repositories, get, *, allow
    p, role:gitops, repositories, create, *, allow
    p, role:gitops, repositories, update, *, allow
    p, role:gitops, projects, create, *, allow
    p, role:gitops, projects, get, *, allow
    p, role:gitops, clusters, get, *, allow
    p, role:gitops, clusters, list, *, allow
    g, gitops, role:gitops
 apiVersion: v1
 kind: ConfigMap
 metadata:
   labels:
     app.kubernetes.io/name: argocd-rbac-cm
     app.kubernetes.io/part-of: argocd
   name: argocd-rbac-cm
   namespace: argocd

Be careful ： Must increase g, gitops, role:gitops take gitops User added gitops This role in .

Trigger synchronization sync

echo y | argocd login argocd-server.argocd.svc.cluster.local --password '[email protected]' --username gitops

argocd app sync apps-by-top-app

Reference material

[1]

argocd Log in and log out : https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_login/

User management : https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/

Rbac Access control : https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/

- END -

Share 、 Dianzanhe is watching

Support us to share more good articles , thank you ！

  Order one Looking at Cluster is always stable