How to Add Users and Role Policies in Argo CD

how-to-add-users-and-roles-in-argocd.md

Adding Users with Role Policy in Argo CD

Step 1: Login to Argo CD

You can log in to Argo CD or bash into the Argo CD pod running in Kubernetes:

argocd login <ARGOCD_SERVER> --username admin --password <ADMIN_PASSWORD>

Step 2: Create a User

To create a new user with a password, use the following command:

argocd account create <username> --password <password>

Step 3: Define Access Policy for the User

Apply the following ConfigMap to set the user's permissions:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.csv: |
    p, <username>, applications, get, */*, allow
    p, <username>, applications, create, */*, allow
    p, <username>, applications, delete, */*, allow
    p, <username>, applications, sync, */*, allow

Example Variables

<username> = dev-user-1

Role Based Policy

If you want to create a role what will be assined to different users group you can do it like this;

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.csv: |
    p, <userRole>, applications, get, <project>/<application>, allow
    p, <userRole>, applications, create, <project>/<application>, allow
    p, <userRole>, applications, delete, <project>/<application>, allow
    p, <userRole>, applications, sync, <project>/<application>, allow
    
    g, <username>, role:<userRole>

Example Variables

• <userRole> = devOpsEngineers
• <username> = dev-user-1
• <project> = default
• <application> = app-1

Notes on Resources

In Argo CD, you can provide permissions for various resources, such as:

• Applications
• Logs
• Accounts
• Projects
• Clusters
• Repositories
• Certificates
• Applicationsets
• Gpgkeys

Actions Users May Require Permission For

• Get
• Create
• Update
• Delete
• Sync
• Override