Argo CD returns a permission error when creating a new application
Environment
- Azure Red Hat OpenShift 4 (ARO)
- Red Hat OpenShift Container Platform (RHOCP)
- 4.11
Issue
- When creating a new application in the Argo CD console, the following error is displayed in the Argo CD portal:
Unable to create application: permission denied: applications, create, default/test, sub: EglvcGVuc2hpZnQ, iat: 2023-04-10T07:47:25Z
Resolution
- Log in to the Argo CD console.
- Go to the User Info page and check which user is logged in to the console. The page lists the groups the current user belongs to:
Username: student
Issuer: https://argocd-sample-server-testpraiate.apps.b5l5n8j8.eastus.aroapp.io/api/dex
Groups:
mylocaladmins <=== for example, the student user belongs to the mylocaladmins group
system:authenticated
system:authenticated:oauth
- Then review your Argo CD instance YAML file and make sure an RBAC policy is set up to grant the permission:
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: argocd-sample
  namespace: argocd
spec:
  server:
    autoscale:
      enabled: false
    grpc:
      ingress:
        enabled: false
    ingress:
      enabled: false
    route:
      enabled: true
    service:
      type: ''
  grafana:
    enabled: false
    ingress:
      enabled: false
    route:
      enabled: false
  notifications:
    enabled: false
  prometheus:
    enabled: false
    ingress:
      enabled: false
    route:
      enabled: false
  initialSSHKnownHosts: {}
  rbac:
    # This line indicates that Argo CD grants admin permission
    # to the mylocaladmins group in OpenShift
    policy: 'g, mylocaladmins, role:admin'
  repo: {}
  dex:
    image: quay.io/ablock/dex
    openShiftOAuth: true
    version: openshift-connector
Root Cause
- The RBAC policy for the particular group was not bound correctly when the Argo CD instance was created using policy: 'g, , role:admin'
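The denial and the effect of the group binding can be checked offline with a simplified model of Argo CD's RBAC matching. This is an added example, not Red Hat's or Argo CD's own code: the evaluator is a reduced stand-in for the real policy engine, `BUILTIN` is a small subset of the built-in roles, and it assumes no default role grants `create`.

```python
import fnmatch
import re

# Subset of Argo CD's built-in roles, enough for this case (simplified assumption).
BUILTIN = """p, role:readonly, applications, get, */*, allow
p, role:admin, applications, create, */*, allow"""

# Error message and group list as shown on this page.
DENIAL = ("Unable to create application: permission denied: applications, create, "
          "default/test, sub: EglvcGVuc2hpZnQ, iat: 2023-04-10T07:47:25Z")
GROUPS = ["mylocaladmins", "system:authenticated", "system:authenticated:oauth"]


def parse_denial(msg):
    """Return (resource, action, object) from a 'permission denied' message."""
    m = re.search(r"permission denied: ([^,]+), ([^,]+), ([^,]+),", msg)
    if not m:
        raise ValueError("not a permission-denied message")
    return tuple(p.strip() for p in m.groups())


def parse_policy(csv_text):
    """Split policy CSV into p-rules (grants) and g-rules (subject -> role)."""
    grants, bindings = [], []
    for line in csv_text.splitlines():
        f = [x.strip() for x in line.split(",")]
        if f[0] == "p" and len(f) == 6:
            grants.append(tuple(f[1:]))
        elif f[0] == "g" and len(f) == 3:
            bindings.append((f[1], f[2]))
    return grants, bindings


def is_allowed(policy_csv, subjects, request):
    """Allow if a p-rule for a subject or its bound role matches; deny wins."""
    grants, bindings = parse_policy(BUILTIN + "\n" + policy_csv)
    who = set(subjects) | {role for subj, role in bindings if subj in subjects}
    effects = {eff for subj, res, act, obj, eff in grants
               if subj in who
               and all(fnmatch.fnmatchcase(v, pat)
                       for v, pat in zip(request, (res, act, obj)))}
    return "allow" in effects and "deny" not in effects


if __name__ == "__main__":
    req = parse_denial(DENIAL)
    print(req, "without binding:", is_allowed("", GROUPS, req))
    print(req, "with binding:", is_allowed("g, mylocaladmins, role:admin", GROUPS, req))
```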
Diagnostic Steps
Reproduce the issue by installing the Argo CD operator and an instance.