Goal
As an admin, I wish to configure "login with OpenShift" with support for authorization using group memberships.
Acceptance Criteria
- As an Argo CD admin, I should be able to enable authentication/authorization (i.e., with support for groups) using OpenShift by updating the Argo CD manifest/resource as shown here https://github.com/argoproj-labs/argocd-operator/blob/master/examples/argocd-oauth.yaml
- As an Argo CD admin/user, I should be able to log in to Argo CD with my OpenShift user credentials, including kubeadmin.
- The above should work in air-gapped clusters & OSD/ROSA
- See "Implementation notes" for technical requirements.
What is dex
https://argoproj.github.io/argo-cd/operator-manual/user-management/#dex
Support implications
- Customers will ONLY receive support for Argo CD + OpenShift Login with dex.
- Customers will NOT receive support for any other configuration of dex. We will evaluate if any other dex connector needs to be supported in future.
- The RH-built dex image on registry.redhat.io would be a component of OpenShift GitOps. Any usage of the same outside the context of OpenShift GitOps will not be supported by Red Hat.
- Red Hat's supported SSO product continues to be RH-SSO (Keycloak). The team will continue to work on ensuring RH-SSO works with OpenShift GitOps / Argo CD.
Implementation notes:
- Use dex for powering this capability - in alignment with the upstream deployment stack.
- DISABLE_DEX is set to false.
- The deployed dex container uses an RH-built dex image available on registry.redhat.io.
[1] https://github.com/argoproj-labs/argocd-operator/blob/master/examples/argocd-oauth.yaml
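An ArgoCD resource of the kind the acceptance criteria describe, as an added example that is not part of the original ticket or the operator's own file: it enables OpenShift login through dex and maps an OpenShift group to an Argo CD role. The resource name, the namespace and the group `gitops-admins` are constructed, and the field names assume the operator's `argoproj.io/v1alpha1` ArgoCD CRD with dex configured under `spec.dex`.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd        # constructed name
  namespace: argocd           # constructed namespace
spec:
  dex:
    # Have the operator configure dex with the OpenShift OAuth connector,
    # so users authenticate with their OpenShift credentials.
    openShiftOAuth: true
  rbac:
    # Role applied to any authenticated user who matches no policy line.
    defaultPolicy: 'role:readonly'
    # Evaluate the groups claim, so OpenShift group membership
    # is what Argo CD RBAC matches against.
    scopes: '[groups]'
    # Members of the OpenShift group "gitops-admins" (hypothetical group)
    # are granted the built-in Argo CD admin role.
    policy: |
      g, gitops-admins, role:admin
```

With `defaultPolicy: 'role:readonly'`, every user who can log in through OpenShift can read this Argo CD instance; the group mapping only adds privileges on top of that baseline.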
- is documented by: RHDEVDOCS-3362 Document authentication and authorization using OpenShift credentials (Closed)
- is duplicated by: GITOPS-1064 Enable Dex support in GitOps Operator (Closed)