Updates to images and config maps for SSO and RBAC

[JTG2020]

I installed this operator in Openshift V4. However I don't see any place where I can see all configurations for updates. Somehow I could update operator yaml to update image paths because I want to use openshift registry for images. Instead of Openshift SSO, I want to enable GitHub SSO and I don't see any section for it ….rather I should say I am not sure where in the operator I should make these changes. Any insight and docs update will be helpful.

[disposab1e]

@JTG2020 Take one of the examples and apply what you need. As documented all values from the Helm Chart work.

How to install Argo CD is documented for various Kubernetes Distributions here.

Hope this helps to get you up and running!

[trv-akanse]

@disposab1e Thank you for your quick response. I could bring up ArgoCD using Operator because its already available in OpenShift Operators. I apologize in advance as this could be repeated question. Once operator is installed if I have to make changes to configs , do I have to apply configs separately ex . I should run ocp.yaml (from examples )with required configurations after operator installation ? basically at what stage I should run ocp.yaml with config changes ? And also do I have to restart any pods ?

[disposab1e]

@trv-akanse All operators work the same. They watch for custom resources and apply these resources to the cluster. When you apply ocp.yaml (after operator installation) the operator will install argocd with the settings from ocp.yaml. If you need to change settings after argocd installation, just change your ocp.yaml and apply it again. The operator will see the changes and will apply these changes to the cluster. When you remove ocp.yaml argocd will be removed from the cluster too.

When you intsall ocp.yaml (argocd) the first time you don't have to start/restart any pods. When you change some settings after installation in most cases there is no restart of any pods needed. But to get sure you can remove and add ocp.yaml. Your projects and apps are NOT deleted so you can simply remove and add with new settings.

Just give it a try and play a little. After operator installtion it's all about adding/changing/removing the custom resource e.g. ocp.yaml.

Hope this helps!

[JTG2020]

@disposab1e I started playing around with ocp.yaml. I installed operator and did not create instance of ArgoCD from operator. Rather i modified ocp.yaml file to use specific images from OpenShift registry. Applied ocp.yaml and i don;t see any resources coming up i.e. i don;t see any pods, configmaps etc coming up in openshift. I am just seeing operator pod running in argocd project. Not sure what i am doing wrong or where to check for any errors. openshift events don;t have anything.

[disposab1e]

@JTG2020 Do you apply the Custom Resource (ocp.yaml) to the same namespace the operator is installed?

[JTG2020]

yes i did make sure that i am running apply in same namespace. I do see operator pod running but none of the resources coming up. However if i create ArgoCD instance from Operator, all goes well.

[JTG2020]

@disposab1e i did further digging on the issue and realized that existing groups did not clean up on deletion of operator which was causing issue with ocp.yaml file. After manually cleaning up groups, i could apply ocp.yaml successfully. Please ignore earlier message. Thanks for your time. I intend to play more with this file.

[JTG2020]

@disposab1e as i continue to do testing, I found one issue and am not sure if it is related to configuration but i want to mention it here. The Openshft SSO works fine however I am not getting any username when i sign in with SSO. We are using OKTA as identity provider in OpenShift. So basically users are first getting authenticated in OKTA and then callback happens to ArgoCD. I am not sure at what stage username is getting lost. Are there any additional configurations needed in dex when Openshift uses external idp.

[disposab1e]

@JTG2020 The dex implementation for OpenShift OAuth is from an RedHat engineer. He is aware that the user is not shown on the Argo CD Web UI but still exists :-) So this can be an dex problem or a problem from Argo CD working with dex. So not really a problem in functionality.

[JTG2020]

@disposab1e yes RedHat engineer fixed this issue. I used now updated image. However changes yet to be merged to upstream. I am hoping those changes will be made here as well. There is new images for dex.

[disposab1e]

@JTG2020 You can set: dex.image.tag in your CR to change it.