Create a new ArgoCD user with custom permissions


In your ArgoCD helm values.yaml file, create a new user by adding it to the ConfigMap named argocd-cm.yaml. In this example I add a user named devs-read-only, which will have read-only and login capabilities:

## Argo Configs
configs:
  # General Argo CD configuration
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  cm:
    # -- Create the argocd-cm configmap for [declarative setup]
    create: true
    accounts.devs-read-only: login
    accounts.devs-read-only.enabled: "true"

We also need to add the permissions that allow the devs-read-only account to get logs and Applications:

configs:
  rbac:
    ...
    create: true
    ...
    policy.csv: |
      # p, subject, resource, action, object, effect
      p, devs-read-only, logs, get, *, allow
      p, devs-read-only, applications, get, */*, allow

Push your changes and wait for ArgoCD to create the new user in Settings > Accounts.

Log in to ArgoCD using the CLI:

argocd login argocd-example.com

Now let's change the password. By default it uses the same password as the admin account:

argocd account update-password \
  --account devs-read-only \
  --current-password <current-user-admin-password> \
  --new-password <new-user-password>

Expected success output will be:

Password updated

Now you should be able to log in with the devs-read-only account, which will allow you to list all apps and read logs but not delete, sync or perform other actions. Those are reserved for admin only. If you try to delete an Application, restart a deployment or do anything else, you will receive an error message, which is exactly what we want.
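
To see why those actions are refused, the following added example (not from the original post and not ArgoCD's own code) evaluates the policy.csv lines above with a simplified default-deny matcher. The request list is constructed, Python's fnmatch stands in for ArgoCD's glob matching, and it assumes no policy.default role grants anything extra.

```python
import csv
from fnmatch import fnmatchcase

# policy.csv content from the values file above
POLICY_CSV = """\
# p, subject, resource, action, object, effect
p, devs-read-only, logs, get, *, allow
p, devs-read-only, applications, get, */*, allow
"""

def parse_policy(text):
    """Return (subject, resource, action, object, effect) tuples from 'p' lines."""
    rules = []
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        fields = [f.strip() for f in row]
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] == "p" and len(fields) == 6:
            rules.append(tuple(fields[1:]))
    return rules

def is_allowed(rules, subject, resource, action, obj):
    """Default deny; an explicit deny overrides any allow (simplified model)."""
    effects = {
        eft for sub, res, act, pobj, eft in rules
        if sub == subject and fnmatchcase(resource, res)
        and fnmatchcase(action, act) and fnmatchcase(obj, pobj)
    }
    return "allow" in effects and "deny" not in effects

# Constructed requests (resource, action, object); names are hypothetical
REQUESTS = [
    ("applications", "get", "default/guestbook"),
    ("applications", "sync", "default/guestbook"),
    ("applications", "delete", "default/guestbook"),
    ("applications", "action/apps/Deployment/restart", "default/guestbook"),
    ("logs", "get", "default/guestbook"),
    ("clusters", "get", "https://kubernetes.default.svc"),
]

def audit(subject, rules=None):
    """Map each constructed (resource, action) request to True/False."""
    rules = parse_policy(POLICY_CSV) if rules is None else rules
    return {(res, act): is_allowed(rules, subject, res, act, obj)
            for res, act, obj in REQUESTS}

if __name__ == "__main__":
    for (res, act), ok in audit("devs-read-only").items():
        print(f"{res:13} {act:32} {'allow' if ok else 'deny'}")
```

Only the two get requests come back as allowed; anything without a matching allow line, including every request from an account that has no rules at all, is denied.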