Integrating SSO for Argo Workflows using Keycloak

I have a requirement to integrate SSO for Argo Workflows, and for this we have made the necessary changes in quick-start-postgres.yaml.

Here is the yaml file we are using to start argo locally. https://raw.githubusercontent.com/argoproj/argo-workflows/master/manifests/quick-start-postgres.yaml

Below are the sections we are modifying to support SSO integration:

Deployment section:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-server
spec:
  selector:
    matchLabels:
      app: argo-server
  template:
    metadata:
      labels:
        app: argo-server
    spec:
      containers:
      - args:
        - server
        - --namespaced
        - --auth-mode=sso

workflow-controller-configmap section:

apiVersion: v1
data:
  sso: |
    # This is the root URL of the OIDC provider (required).
    issuer: http://localhost:8080/auth/realms/master
    # This is name of the secret and the key in it that contain OIDC client
    # ID issued to the application by the provider (required).
    clientId:
      name: dummyClient
      key: client-id
    # This is name of the secret and the key in it that contain OIDC client
    # secret issued to the application by the provider (required).
    clientSecret:
      name: jdgcFxs26SdxdpH9Z5L33QCFAmGYTzQB
      key: client-secret
    # This is the redirect URL supplied to the provider (required). It must
    # be in the form <argo-server-root-url>/oauth2/callback. It must be
    # browser-accessible.
    redirectUrl: http://localhost:2746/oauth2/callback
  artifactRepository: |
    s3:
      bucket: my-bucket

We are starting Argo by issuing the 2 commands below:

kubectl apply -n argo -f modified-file/quick-start-postgres.yaml

kubectl -n argo port-forward svc/argo-server 2746:2746

After executing the above commands and trying to log in with single sign-on, it is not getting redirected to provide a login option for the Keycloak user. Instead it is redirected to https://localhost:2746/oauth2/redirect?redirect=https://localhost:2746/workflows

This page isn’t working localhost is currently unable to handle this request. HTTP ERROR 501

What could be the issue here? Are we missing anything here?

Are there arguments that need to be passed while starting Argo?

Can someone please suggest something on this.

There are 1 best solutions below

Try adding --auth-mode=client to your argo-server container args
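
The comments in the question's `sso` block say that `clientId` and `clientSecret` each take the name of a Kubernetes Secret and a key inside it, so the client secret itself stays out of the ConfigMap. As an added example (not part of the original question or answer), the manifest below shows that layout; the Secret name `argo-server-sso` and the placeholder values are assumptions, and `issuer` and `redirectUrl` are copied unchanged from the question.

```yaml
# Added example. "argo-server-sso" is a hypothetical Secret name and the
# REPLACE_... values are placeholders for the Keycloak client credentials.
apiVersion: v1
kind: Secret
metadata:
  name: argo-server-sso
  namespace: argo            # same namespace the question deploys into
type: Opaque
stringData:
  client-id: REPLACE_WITH_KEYCLOAK_CLIENT_ID
  client-secret: REPLACE_WITH_KEYCLOAK_CLIENT_SECRET
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: workflow-controller-configmap
  namespace: argo
data:
  sso: |
    issuer: http://localhost:8080/auth/realms/master
    clientId:
      # name of the Secret above, not the Keycloak client name
      name: argo-server-sso
      key: client-id
    clientSecret:
      # name of the Secret above, not the secret value itself
      name: argo-server-sso
      key: client-secret
    redirectUrl: http://localhost:2746/oauth2/callback
```

With this layout the credential lives only in the Secret, so access to it can be restricted with RBAC separately from the ConfigMap, and the ConfigMap can be shared or committed without exposing it.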