Open chilianyi opened 1 year ago
Try the following steps to complete the ldap sync.
```bash
kubectl -n argocd edit configmaps argocd-cm
```
patch kubesphere ldap config
url
The value of url is the domain name redirected to after a successful ldap login; please make sure it can be accessed.
```yaml
apiVersion: v1
metadata:
data:
  url: https://172.37.88.21:30809/
  dex.config: |-
    connectors:
    - type: ldap
      name: ks ldap
      id: ldap
      config:
        host: openldap.kubesphere-system.svc
        # insecureNoSSL: true makes Dex connect to LDAP without TLS
        insecureNoSSL: true
        insecureSkipVerify: true
        # values starting with "$" are read from keys in argocd-secret
        bindDN: "$dex.ldap.bindDN"
        bindPW: "$dex.ldap.bindPW"
        usernamePrompt: Username
        userSearch:
          baseDN: "ou=Users,dc=kubesphere,dc=io"
          filter: "(objectClass=person)"
          username: uid
          idAttr: uid
          emailAttr: uid
          nameAttr: cn
        groupSearch:
          baseDN: "ou=Groups,dc=kubesphere,dc=io"
          filter: "(objectClass=groupOfUniqueNames)"
          userAttr: DN
          groupAttr: uniqueMember
          nameAttr: cn
```
```bash
# echo -n: do not encode a trailing newline into the stored bind password / bind DN
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindPW\":\"$(echo -n admin | base64)\"}}"
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindDN\":\"$(echo -n 'cn=admin,dc=kubesphere,dc=io' | base64)\"}}"
```
3. update rbac role
```bash
kubectl -n argocd edit configmap argocd-rbac-cm
```
update kubesphere admin role
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: argocd-rbac-cm
  namespace: argocd
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: devops
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
    helm.sh/chart: argo-cd-4.4.0
  annotations:
    meta.helm.sh/release-name: devops
    meta.helm.sh/release-namespace: argocd
data:
  policy.csv: |
    g, admin@kubesphere.io, role:admin
  policy.default: 'role:readonly'
  scopes: '[email, group]'
```
3. restart the dex-server and argocd-server
```bash
kubectl rollout -n argocd restart deployment devops-argocd-server devops-argocd-dex-server
```
open argocd-server
![image](https://github.com/kubesphere/ks-devops/assets/14897634/8e71a8ff-2109-4fda-8c9c-66ebcb8685c3)
use the kubesphere account to log in to argocd
![image](https://github.com/kubesphere/ks-devops/assets/14897634/287a46b3-d1d8-46b7-a8c9-bf525f2d2be2)
login success
![image](https://github.com/kubesphere/ks-devops/assets/14897634/91e842fe-ccb6-462b-b028-10afdb03999d)
What version of KubeSphere DevOps has the issue?
v3.3.1
How did you install the Kubernetes? Or what is the Kubernetes distribution?
kubekey
Describe this feature
Like jenkins, use ldap to sync account between kubesphere and argocd
Create account in ks, able to sign in argocd with the username and password.
Additional information
No response
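A pre-apply check for the Dex LDAP connector settings used in the `dex.config` above, as an added example that is not part of the original issue or of the KubeSphere or Argo CD projects. The function names, the hardened sample and its `rootCA` path are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky settings in a Dex LDAP connector block.
# audit_dex_ldap and count_findings are hypothetical helper names.

audit_dex_ldap() {
  # Reads dex.config text on stdin and prints one finding per line.
  awk '
    # Strip indentation and a leading "- " so keys compare cleanly.
    { line = $0; sub(/^[ \t]*(- )?/, "", line) }
    line ~ /^insecureNoSSL:[ \t]*true/ {
      print "insecureNoSSL: bind and user passwords cross the network unencrypted" }
    line ~ /^insecureSkipVerify:[ \t]*true/ {
      print "insecureSkipVerify: LDAP server certificate is not verified" }
    line ~ /^bindPW:/ && line !~ /^bindPW:[ \t]*"?\$/ {
      print "bindPW: literal password in ConfigMap, reference an argocd-secret key" }
  '
}

count_findings() { audit_dex_ldap | wc -l | tr -d ' '; }

# Constructed sample: the TLS-related lines of the connector from this page.
SAMPLE_FROM_PAGE='connectors:
- type: ldap
  config:
    host: openldap.kubesphere-system.svc
    insecureNoSSL: true
    insecureSkipVerify: true
    bindPW: "$dex.ldap.bindPW"'

# Constructed sample: same connector over LDAPS with a pinned CA.
# Assumes the LDAP server offers TLS on 636; the CA path is a placeholder.
SAMPLE_HARDENED='connectors:
- type: ldap
  config:
    host: openldap.kubesphere-system.svc:636
    insecureNoSSL: false
    insecureSkipVerify: false
    rootCA: /path/to/ldap-ca.pem
    bindPW: "$dex.ldap.bindPW"'

# Against a live cluster the input would come from:
#   kubectl -n argocd get cm argocd-cm -o jsonpath='{.data.dex\.config}' | audit_dex_ldap
printf '%s\n' "$SAMPLE_FROM_PAGE" | audit_dex_ldap
```
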