[argo] Create aggregate roles as pre-install hook (#69)
This commit is contained in:
Naseem
Alex Collins
parent
add39cf90b
commit
02ae101dbe
3 changed files with 77 additions and 1 deletions
|
|
@ -2,4 +2,4 @@ apiVersion: v1
|
|||
appVersion: "v2.2.1"
|
||||
description: A Helm chart for Kubernetes
|
||||
name: argo
|
||||
version: 0.3.2
|
||||
version: 0.4.0
|
||||
|
|
|
|||
74
charts/argo/templates/workflow-aggregate-roles.yaml
Normal file
74
charts/argo/templates/workflow-aggregate-roles.yaml
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
{{- if .Values.createAggregateRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/hook-delete-policy: before-hook-creation
|
||||
name: argo-aggregate-to-view
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
- workflows/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/hook-delete-policy: before-hook-creation
|
||||
name: argo-aggregate-to-edit
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
- workflows/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- deletecollection
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/hook-delete-policy: before-hook-creation
|
||||
name: argo-aggregate-to-admin
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
- workflows/finalizers
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- deletecollection
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
{{- end }}
|
||||
|
|
@ -12,6 +12,8 @@ init:
|
|||
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
|
||||
serviceAccount: ""
|
||||
|
||||
createAggregateRoles: true
|
||||
|
||||
controller:
|
||||
# podAnnotations is an optional map of annotations to be applied to the controller Pods
|
||||
podAnnotations: {}
|
||||
|
|
|
|||
Loading…
Reference in a new issue