1、在身份提供者中注册应用
官网配置参考:https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/
登陆入gitlab工具进入,创建应用
2、编辑配置
添加openldap配置,参考地址https://dexidp.io/docs/connectors/ldap/
主要参考:https://www.opsmx.com/blog/how-to-setup-ldap-and-openldap-for-argocd/
openldap组配置
openldap用户配置
配置argocd通过dex接入openldap
[root@k8s-master01 test]# kubectl get cm -n argocd
NAME DATA AGE
argocd-cm 2 12d
argocd-cmd-params-cm 0 12d
argocd-gpg-keys-cm 0 12d
argocd-notifications-cm 10 2d4h
argocd-rbac-cm 1 12d
argocd-redis-ha-configmap 7 12d
argocd-redis-ha-health-configmap 3 12d
argocd-ssh-known-hosts-cm 1 12d
argocd-tls-certs-cm 0 12d
kube-root-ca.crt 1 12d
[root@k8s-master01 test]# kubectl edit cm argocd-cm -n argocd
apiVersion: v1
data:
dex.config: |
connectors:
- type: ldap
name: ldap用户登陆
id: ldap
config:
host: 10.0.7.62:389
insecureNoSSL: true
insecureSkipVerify: true
bindDN: "$dex.ldap.bindDN"
bindPW: "$dex.ldap.bindPW"
usernamePrompt: username
userSearch:
baseDN: ou=user,dc=yht,dc=cn
filter: ""
username: cn
idAttr: uid
emailAttr: mail
groupSearch:
baseDN: ou=group,dc=yht,dc=cn
#filter: "(objectClass=groupOfUniqueNames)"
filter: "(cn=argocd)" # 过滤小弟组
userMatchers:
- userAttr: DN
groupAttr: uniqueMember # 过滤加入组的用户属性
nameAttr: cn
groupSearch:
baseDN: ou=group,dc=yht,dc=cn
filter: "(cn=leader-argocd)" #过滤领导组
userMatchers:
- userAttr: DN
groupAttr: uniqueMember # 过滤加入组的用户属性
nameAttr: cn
url: https://10.0.7.21:32471 # 接入dex,https://10.0.7.21:32471此地址为argocd的访问地址
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindPW\":\"$(echo youer-password | base64 -w 0)\"}}"
kubectl -n argocd patch secrets argocd-secret --patch "{\"data\":{\"dex.ldap.bindDN\":\"$(echo cn=admin,dc=yht,dc=cn | base64 -w 0)\"}}"
3、访问登陆
