Integrating Argo CD with LDAP

Date: 2022-12-23 21:58:19

1. Register the application with the identity provider

Official configuration reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/

Log in to GitLab and create an application.


2. Edit the configuration

Add the OpenLDAP connector configuration. Reference: https://dexidp.io/docs/connectors/ldap/

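# Quote the heredoc delimiter so the shell does not expand $dex.ldap.bindDN / $dex.ldap.bindPW
cat > argocd-config.yaml <<'eof'
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  dex.config: |
    connectors:
    - type: ldap
      name: ldap用户登陆
      id: ldap
      config:
        host: 10.0.7.62:389
        # Plain LDAP on port 389: the bind password and user passwords are sent unencrypted
        insecureNoSSL: true
        insecureSkipVerify: true
        # Argo CD resolves these from the dex.ldap.bindDN / dex.ldap.bindPW keys in argocd-secret
        bindDN: "$dex.ldap.bindDN"
        bindPW: "$dex.ldap.bindPW"
        usernamePrompt: username
        userSearch:
          baseDN: ou=user,dc=yht,dc=cn
          filter: "(objectClass=posixAccount)"
          username: cn
          idAttr: uid
          emailAttr: mail
        groupSearch:
          baseDN: ou=group,dc=yht,dc=cn
          filter: "(cn=argocd)"
          userMatchers:
          - userAttr: cn
            groupAttr: uniqueMember
          nameAttr: cn
  # Argo CD access URL
  url: https://10.0.7.21:32471
eof
# Merge the dex.config and url keys into the existing argocd-cm ConfigMap
kubectl -n argocd patch configmap argocd-cm --patch-file argocd-config.yaml
# printf (not echo) keeps a trailing newline out of the stored secret values
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindPW\":\"$(printf '%s' 'your-password' | base64 -w 0)\"}}"
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindDN\":\"$(printf '%s' 'cn=admin,dc=yht,dc=cn' | base64 -w 0)\"}}"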
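The connector above sets insecureNoSSL: true, so Dex talks to the directory on port 389 without TLS and both the bind password and every user's login password cross the network in cleartext. The following is an added example, not part of the original post, showing the same connector with a verified TLS connection. The host name ldap.example.internal, the use of LDAPS on port 636 and the CA placeholder are assumptions; the LDAP server must already present a certificate issued by that CA.

```yaml
# Added example, not from the original post. Assumed values: the host name
# ldap.example.internal, LDAPS on port 636, and the CA placeholder below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  dex.config: |
    connectors:
    - type: ldap
      name: ldap用户登陆
      id: ldap
      config:
        # Weak settings from the configuration above, shown for comparison:
        #   host: 10.0.7.62:389
        #   insecureNoSSL: true        (no TLS, credentials sent in cleartext)
        #   insecureSkipVerify: true   (server certificate never checked)
        host: ldap.example.internal:636   # must match a name in the server certificate
        insecureNoSSL: false
        insecureSkipVerify: false
        # To stay on port 389 instead, keep host on :389 and add: startTLS: true
        rootCAData: "<base64-encoded PEM of the CA that issued the LDAP certificate>"
        bindDN: "$dex.ldap.bindDN"
        bindPW: "$dex.ldap.bindPW"
        usernamePrompt: username
        userSearch:
          baseDN: ou=user,dc=yht,dc=cn
          filter: "(objectClass=posixAccount)"
          username: cn
          idAttr: uid
          emailAttr: mail
        groupSearch:
          baseDN: ou=group,dc=yht,dc=cn
          filter: "(cn=argocd)"
          userMatchers:
          - userAttr: cn
            groupAttr: uniqueMember
          nameAttr: cn
```

If login fails after this change, the Dex server log in the argocd namespace shows whether the failure is a certificate name mismatch or an untrusted CA.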

3. Access and log in
