argo access
This commit is contained in:
@@ -10,7 +10,8 @@ configs:
|
||||
cm:
|
||||
application.resourceTrackingMethod: annotation
|
||||
timeout.reconciliation: 60s
|
||||
admin.enabled: "true"
|
||||
# Admin login disabled — SSO only. Break-glass: kubectl patch cm argocd-cm -n argocd -p '{"data":{"admin.enabled":"true"}}'
|
||||
admin.enabled: "false"
|
||||
url: https://argocd.forteapps.net
|
||||
oidc.config: |
|
||||
name: Forte SSO
|
||||
@@ -22,7 +23,8 @@ configs:
|
||||
policy.csv: |
|
||||
g, ArgoCD Admins, role:admin
|
||||
g, ArgoCD Viewers, role:readonly
|
||||
policy.default: role:readonly
|
||||
# Deny users not in any declared KC group (ArgoCD Admins / ArgoCD Viewers)
|
||||
policy.default: ""
|
||||
scopes: '[groups]'
|
||||
params:
|
||||
"server.insecure": true
|
||||
|
||||
@@ -166,6 +166,16 @@ keycloakConfigCli:
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"name": "ArgoCD Admins",
|
||||
"path": "/ArgoCD Admins"
|
||||
},
|
||||
{
|
||||
"name": "ArgoCD Viewers",
|
||||
"path": "/ArgoCD Viewers"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user