How to Add a Local User in OpenShift GitOps

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4
  • Azure Red Hat OpenShift (ARO)
    • 4
  • Red Hat OpenShift GitOps Operator
    • 1.6+

Issue

  • How to create local users in OpenShift GitOps

Resolution

  1. To add a user, modify the ArgoCD CRD instance to include the extraConfig field in the spec. The Operator owns the argocd-cm ConfigMap, so changes to the data.accounts field might not persist.

Example:

spec:
  extraConfig:
    accounts.<new-username>: apiKey, login
  1. Save and apply the changes. The Operator will update the argocd-cm ConfigMap accordingly.

Note: This solution applies to GitOps Operator version 1.6 and above.

Root Cause

For Red Hat OpenShift GitOps Operator version 1.6 and below, you can add a user to the ConfigMap argocd-cm in openshift-gitops.

However, for versions greater than 1.6, the argocd-cm is controlled by the operator and the data.accounts field is not directly editable. In these versions, use the extraConfig field in the ArgoCD's spec.

Diagnostic Steps

Descriptions:

$ oc explain argocd.spec.extraConfig
KIND:     ArgoCD
VERSION:  argoproj.io/v1alpha1

FIELD:    extraConfig <map[string]string>

DESCRIPTION:
     ExtraConfig can be used to add fields to Argo CD configmap that are not
     supported by Argo CD CRD. Note: ExtraConfig takes precedence over Argo CD
     CRD. For example, A user sets `argocd.Spec.DisableAdmin` = true and also
     `a.Spec.ExtraConfig["admin.enabled"]` = true. In this case, operator
     updates Argo CD Configmap as follows -> argocd-cm.Data["admin.enabled"] =
     true.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments