C0: docs — default argocd login to --sso; drop extraneous --grpc-web
Now that argocd's Authentik OAuth2 client is public, `argocd login --sso` works for day-to-day use. Promote it to the default in AGENTS.md, argocd-cli reference, and troubleshooting; keep the admin/password flow documented as a break-glass fallback for when Authentik is unavailable. Also drops --grpc-web from every interactive login command — confirmed extraneous (login succeeds without it). Left in CI workflows and `argocd cluster add` untouched; those are different contexts that I didn't re-test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
86317315ed
commit
7d94b9073a
5 changed files with 23 additions and 20 deletions
|
|
@ -25,7 +25,7 @@ kubectl wait --for=condition=available deployment/argocd-server -n argocd --time
|
|||
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d && echo
|
||||
|
||||
# 5. Login and change password
|
||||
argocd login argocd.tail8d86e.ts.net --username admin --grpc-web
|
||||
argocd login argocd.tail8d86e.ts.net --username admin
|
||||
argocd account update-password
|
||||
|
||||
# 6. Apply repo-creds-forge credential template for SSH access to all forge repos
|
||||
|
|
@ -114,4 +114,4 @@ spec:
|
|||
Future improvement: integrate with a secrets operator (e.g., External Secrets).
|
||||
- The credential template (`repo-creds`) uses a URL prefix to match all repos on forge.
|
||||
- ArgoCD uses Tailscale Ingress with Let's Encrypt for TLS termination.
|
||||
- The `--grpc-web` flag is required for CLI access through the Tailscale ingress.
|
||||
- After Authentik is up, prefer `argocd login argocd.ops.eblu.me --sso` over the admin password login above; admin is only needed during bootstrap or as break-glass.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue