Configuring SSO for OpenShift-GitOps v1.3
OpenShift-GitOps v1.3 will be out soon and here are some of the exciting enhancements to the Single sign-on functionality.
- Support for Dex OpenShift Connector.
- Dex will be installed Out of the box and configured to Login with OpenShift for the default Argo CD instance. Users can configure it for the Argo CD instances in other namespaces using this guide.
- OpenShift-GitOps will continue to support RHSSO. A detailed guide to configure RHSSO/Keycloak is available here.
Upgrading to v1.3
- Dex will not be installed and configured automatically with the OpenShift connector incase you are upgrading from v1.x to v1.3.
- Incase you have configured any SSO provider(Dex/RHSSO/OIDC configuration) to your Argo CD instance with 1.x version of OpenShift-Gitops, upgrading to v1.3 will not modify any of your existing configuration.
- To configure Dex with v1.3, Upgrade the operator version to v1.3 and Configure Dex as described in this guide.
Migrating from RHSSO to Dex in v1.3
- A user needs to remove the RHSSO configuration before migrating to Dex. This can be done by removing the “.spec.sso.provider: keycloak” fields from the Argo CD CR. You can also use this link to understand the process to uninstall RHSSO.
- Wait for the “LOG IN VIA KEYCLOAK” option on the Argo CD console to disappear.
- Configure Dex as described in this guide.
Migrating from Dex to RHSSO in v1.3
- A user needs to remove the Dex configuration before migrating to RHSSO. This can be done by removing the “.spec.dex” field from the Argo CD CR. Please note that you will still see dex pods running. To uninstall Dex completely set the
DISABLE_DEXenvironment var to
truein the Subscription resource of the operator. This is well explained here.
- Wait for the “LOG IN WITH OpenShift” option on the Argo CD console to disappear.
- Configure Keycloak as described in the guide.
Note: The process of migrating from one SSO provider to another will be made much simpler in the coming releases. The goal is to provide the ability to configure all the SSO providers under .spec.sso field of the Argo CD CR.
The below table provides a comparison between RHSSO and Dex.
Additional configuration required for RHSSO in the disconnected environment is explained here.
I hope you find this guide useful. Thanks for reading.