Install FSA in read-only mode?

[tommyreilly]

Hi,

The documentation at https://www.weave.works/blog/get-started-flamingo-flux-cd-subsystem-for-argo-cd suggests there is a --read-only-mode flag for the cli when installing it (in tenant/namespaced mode), but I don't see the flag actually available/referenced in the cli help (or when trying it):

flamingo install [--read-only-mode] [--dev --version=v2.8.3-dev]

I'd be keen to see such an option:

 % flamingo install --help
 
# Install the Flux Subsystem for Argo
flamingo install --version=v2.8.6

# Install the Flux Subsystem for Argo with the anonymous UI enabled
flamingo install --version=v2.8.6 --anonymous

Usage:
  flamingo install [flags]

Flags:
      --anonymous        enable anonymous UI
      --export           export manifests instead of installing
  -h, --help             help for install
      --mode string      installation mode [crds-only, all, tenant] (default "all")
  -v, --version string   version of Flamingo to install (default "v2.8.6")

Global Flags:
  -N, --app-ns string                  namespace where Flamingo and applications are located (default "argocd")
      --as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string                  UID to impersonate for the operation.
      --cache-dir string               Default cache directory (default "/Users/tr658049/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kube-api-burst int             The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300)
      --kube-api-qps float32           The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string               If present, the namespace scope for this CLI request (default "flux-system")
      --server string                  The address and port of the Kubernetes API server
      --timeout duration               timeout for this operation (default 10m0s)
      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
      --verbose                        print generated objects

[chanwit]

Hi @tommyreilly

The read only mode can be enabled by --anonymous flag. Sorry for the confusion.

[tommyreilly]

Thanks @chanwit. I've provided that and, as I was expecting, it doesn't ask for authentication to the UI.

However, the UI itself once accessed using the anonymous flag does not seem to prevent access to functionality to attempt to create/update things unless I'm seeing something different than expected