Categories
argocd programming

ArgoCD: Add new local accounts through helm chart?

Last Updated:

I ran into this reddit post when I was trying to create a local account via the argo-cd helm chart. I can’t comment on the post anymore but I can answer the question here

Helm Chart Version

Argo-cd helm chart version: 7.6.7

Custom Helm Values File

Create a custom values file called values.yaml

configs:
  rbac:
    policy.default: role:readonly  # ***** Allows you to view everything without logging in.
    ##################################
    # Assign admin roles to users
    ##################################
    
    policy.csv: |
      g, baylin2, role:admin
      g, joesmith, role:admin
      g, vpoole, role:admin


  ##################################
  # Assign permission login and to create api keys for  users
  ##################################
cm:
  accounts.baylin2: apiKey, login
  accounts.joesmith: apiKey, login
  accounts.vpoole: apiKey, login
  users.anonymous.enabled: true
params:
  server.insecure: true #communication between services is via http

##################################
#  Assigning the password to the users. Argo-cd uses bycypt.
#  To generate a new password use https://bcrypt.online/ to generate a new password and add it here.
##################################
secret:
  extra:
    accounts.baylin2.password: $2y$10$p5knGMvbVSSBzvbeM1tLne2rYBW.4L6aJqN.Fp1AalKe3qh3LuBq6 #fancy_password
    accounts.baylin2.passwordMtime: 2024-10-08T17:45:10Z


    accounts.joesmith.password: $2y$10$p5knGMvbVSSBzvbeM1tLne2rYBW.4L6aJqN.Fp1AalKe3qh3LuBq6 #fancy_password
    accounts.joesmith.passwordMtime: 2024-10-08T17:45:10Z


    accounts.vpoole.password: $2y$10$p5knGMvbVSSBzvbeM1tLne2rYBW.4L6aJqN.Fp1AalKe3qh3LuBq6 #fancy_password
    accounts.vpoole.passwordMtime: 2024-10-08T17:45:10Z

server:
  service:
    type: LoadBalancer

values.yaml

Install the Argocd helm Release

helm install --repo  https://argoproj.github.io/argo-helm --version 7.6.7 argocd argo-cd -f values.yaml

Get the public ip address associated with the service or use port forwarding on the service

$kubectl get svc 
NAME                               TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
argocd-applicationset-controller   ClusterIP      10.114.227.176   <none>           7000/TCP                     3m19s
argocd-dex-server                  ClusterIP      10.114.234.168   <none>           5556/TCP,5557/TCP            3m19s
argocd-redis                       ClusterIP      10.114.235.236   <none>           6379/TCP                     3m18s
argocd-repo-server                 ClusterIP      10.114.226.23    <none>           8081/TCP                     3m19s
argocd-server                      LoadBalancer   10.114.234.103   35.196.1.1   80:30333/TCP,443:30713/TCP   3m1

or

$kubectl port-forward svc/argocd-server --address 0.0.0.0 8080:80

Now access the account page via loadbalancer or port forwarding

Port Forwarding:

Loadbalance ip:

  • local accounts page with users defined in argocd

    Try logging in with one of the users you defined for example

    username: vpoole

    password: fancy_password

    argocd login page with username/password visible

Leave a Reply

Your email address will not be published. Required fields are marked *