
I want to integrate Argo with Keycloak to enable SSO, and we made the necessary changes in quick-start-postgres.yaml.

Here is the YAML file we are using to start Argo locally: https://raw.githubusercontent.com/argoproj/argo-workflows/master/manifests/quick-start-postgres.yaml

Below are the sections we are modifying to support SSO integration.

Deployment section:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-server
spec:
  selector:
    matchLabels:
      app: argo-server
  template:
    metadata:
      labels:
        app: argo-server
    spec:
      containers:
      - args:
        - server
        - --auth-mode=sso
```

workflow-controller-configmap section:

```yaml
apiVersion: v1
data:
  sso: |
    # This is the root URL of the OIDC provider (required).
    issuer: http://notebook3254:8080/auth/realms/master
    # This is name of the secret and the key in it that contain OIDC client
    # ID issued to the application by the provider (required).
    clientId:
      name: client-id-secret4
      key: client-id-key
    # This is name of the secret and the key in it that contain OIDC client
    # secret issued to the application by the provider (required).
    clientSecret:
      name: client-secret-secret4
      key: client-secret-key
    # This is the redirect URL supplied to the provider (required). It must
    # be in the form <argo-server-root-url>/oauth2/callback. It must be
    # browser-accessible.
    redirectUrl: http://localhost:2746/oauth2/callback
  artifactRepository: |
    s3:
      bucket: my-bucket
```

In the Keycloak UI, a new client **"avatar"** is created and made confidential, and for it the secret "rBbvw4sNXk3Ssh1jV1NdIkDRN22xGBFP" is generated.

The redirect URI for the created client is:

keycloak_redirect_uri_snapshot

Also, at the Kubernetes level, we are creating secrets for both the client ID and the client secret generated in Keycloak.

```
kubectl create secret -n argo generic client-id-secret4 --from-literal=client-id-key=avatar
kubectl create secret -n argo generic client-secret-secret4 --from-literal=client-secret-key=rBbvw4sNXk3Ssh1jV1NdIkDRN22xGBFP
```

We are starting Argo by issuing the 2 commands below:

```
kubectl apply -n argo -f modified-file/quick-start-postgres.yaml
kubectl -n argo port-forward svc/argo-server 2746:2746
```

After executing the above commands and trying to log in with single sign-on, it is redirected to the Keycloak UI, but it shows the issue below.

redirect_page_snapshot

Below are the logs printed in Kubernetes.

logs_snapshot

Can someone help me with this?

TheAnalogyGuy
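
A pre-flight check for the `sso` block shown in the question, as an added example that is not part of the original post or of the Argo project. It compares the configured issuer with the provider's OIDC discovery document and checks `redirectUrl` against the form the config comment requires and against the client's registered redirect URIs. The function names, the sample discovery document and the registered-URI list are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Values copied from the sso block in the question.
SSO = {
    "issuer": "http://notebook3254:8080/auth/realms/master",
    "redirectUrl": "http://localhost:2746/oauth2/callback",
}

# Constructed sample of the JSON served at
# <issuer>/.well-known/openid-configuration (not captured from a real server).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://notebook3254:8080/auth/realms/master",
    "authorization_endpoint": SSO["issuer"] + "/protocol/openid-connect/auth",
    "token_endpoint": SSO["issuer"] + "/protocol/openid-connect/token",
})


def redirect_registered(url, patterns):
    """Exact match, or prefix match for a pattern ending in '*'."""
    return any(
        url.startswith(p[:-1]) if p.endswith("*") else url == p
        for p in patterns
    )


def check_sso(sso, discovery_json, registered_redirects):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    doc = json.loads(discovery_json)
    # OIDC Discovery: the advertised issuer must equal the configured one
    # exactly (scheme, host, port, path, trailing slash).
    if doc.get("issuer") != sso["issuer"]:
        findings.append("issuer mismatch: provider advertises %r" % doc.get("issuer"))
    for endpoint in ("authorization_endpoint", "token_endpoint"):
        if endpoint not in doc:
            findings.append("discovery document lacks " + endpoint)
    parts = urlsplit(sso["redirectUrl"])
    if (parts.scheme not in ("http", "https") or not parts.netloc
            or not parts.path.endswith("/oauth2/callback")):
        findings.append("redirectUrl is not <argo-server-root-url>/oauth2/callback")
    if not redirect_registered(sso["redirectUrl"], registered_redirects):
        findings.append("redirectUrl is not registered on the client")
    return findings


if __name__ == "__main__":
    # Constructed registered-URI list; the question's screenshot is not available.
    print(check_sso(SSO, SAMPLE_DISCOVERY, ["http://localhost:2746/*"]) or "ok")
```

To use it against a live setup, pass the body fetched from `<issuer>/.well-known/openid-configuration` and the redirect URIs listed on the Keycloak client.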