update the web based terminal docs

Signed-off-by: nitishfy <[email protected]>
nitishfy · Aug 21, 2024 · a6e8f48 · a6e8f48
1 parent 69ef68f
commit a6e8f48
Showing 1 changed file with 33 additions and 5 deletions.
diff --git a/docs/operator-manual/web_based_terminal.md b/docs/operator-manual/web_based_terminal.md
@@ -13,24 +13,52 @@ Kubernetes), then the user effectively has the same privileges as that ServiceAc
 ## Enabling the terminal
 <!-- Use indented code blocks for the numbered list to prevent breaking the numbering. See #11590 -->
 
-1. Set the `exec.enabled` key to `"true"` on the `argocd-cm` ConfigMap.
+1. Set the `exec.enabled` key to `"true"` on the `argocd-cm` ConfigMap in the `data` field. This enables the exec feature in Argo CD.
+
+    ```
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: argocd-cm
+      namespace: <namespace>  # Replace <namespace> with your actual namespace
+    data:
+      exec.enabled: "true"
+    ```
 
 2. Patch the `argocd-server` Role (if using namespaced Argo) or ClusterRole (if using clustered Argo) to allow `argocd-server`
-to exec into pods
+to `exec` into pods
 
         - apiGroups:
           - ""
           resources:
           - pods/exec
           verbs:
           - create
-
+    If you'd like to perform the patch by imperative way, you can use the following command:
+        
+    - For namespaced Argo
+         ```
+         kubectl patch role <argocd-server-role-name> -n argocd - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
+         ```
+    - For clustered Argo
+         ````
+         kubectl patch clusterrole <argocd-server-clusterrole-name> - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
+         ```
 
 3. Add RBAC rules to allow your users to `create` the `exec` resource, i.e. 
 
         p, role:myrole, exec, create, */*, allow
-
-
+    You can use any key you'd like to use in the `data` field, something like
+    ```
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: <configmap-name>
+      namespace: <namespace>
+    data:
+      policy.conf: |  # The key might differ based on the actual configuration
+      p, role:myrole, exec, create, */*, allow
+    ```
 See [RBAC Configuration](rbac.md#exec-resource) for more info.
 
 ## Changing allowed shells