github.com/argoproj/argo-cd/v2@v2.10.9/docs/operator-manual/web_based_terminal.md (about) 1 # Web-based Terminal 2 3  4 5 Since v2.4, Argo CD has a web-based terminal that allows you to get a shell inside a running pod just like you would with 6 `kubectl exec`. It's basically SSH from your browser, full ANSI color support and all! However, for security this feature 7 is disabled by default. 8 9 This is a powerful privilege. It allows the user to run arbitrary code on any Pod managed by an Application for which 10 they have the `exec/create` privilege. If the Pod mounts a ServiceAccount token (which is the default behavior of 11 Kubernetes), then the user effectively has the same privileges as that ServiceAccount. 12 13 ## Enabling the terminal 14 <!-- Use indented code blocks for the numbered list to prevent breaking the numbering. See #11590 --> 15 16 1. Set the `exec.enabled` key to `"true"` on the `argocd-cm` ConfigMap. 17 18 2. Patch the `argocd-server` Role (if using namespaced Argo) or ClusterRole (if using clustered Argo) to allow `argocd-server` 19 to exec into pods 20 21 - apiGroups: 22 - "" 23 resources: 24 - pods/exec 25 verbs: 26 - create 27 28 29 3. Add RBAC rules to allow your users to `create` the `exec` resource, i.e. 30 31 p, role:myrole, exec, create, */*, allow 32 33 34 See [RBAC Configuration](rbac.md#exec-resource) for more info. 35 36 ## Changing allowed shells 37 38 By default, Argo CD attempts to execute shells in this order: 39 40 1. bash 41 2. sh 42 3. powershell 43 4. cmd 44 45 If none of the shells are found, the terminal session will fail. To add to or change the allowed shells, change the 46 `exec.shells` key in the `argocd-cm` ConfigMap, separating them with commas.