[argo] Create aggregate roles as pre-install hook (#69)
This commit is contained in:
Naseem
Alex Collins
parent
add39cf90b
commit
02ae101dbe
3 changed files with 77 additions and 1 deletions
|
|
@ -2,4 +2,4 @@ apiVersion: v1
|
||||||
appVersion: "v2.2.1"
|
appVersion: "v2.2.1"
|
||||||
description: A Helm chart for Kubernetes
|
description: A Helm chart for Kubernetes
|
||||||
name: argo
|
name: argo
|
||||||
version: 0.3.2
|
version: 0.4.0
|
||||||
|
|
|
||||||
74
charts/argo/templates/workflow-aggregate-roles.yaml
Normal file
74
charts/argo/templates/workflow-aggregate-roles.yaml
Normal file
|
|
@ -0,0 +1,74 @@
|
||||||
|
{{- if .Values.createAggregateRoles }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
helm.sh/hook: pre-install
|
||||||
|
helm.sh/hook-delete-policy: before-hook-creation
|
||||||
|
name: argo-aggregate-to-view
|
||||||
|
labels:
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- argoproj.io
|
||||||
|
resources:
|
||||||
|
- workflows
|
||||||
|
- workflows/finalizers
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
helm.sh/hook: pre-install
|
||||||
|
helm.sh/hook-delete-policy: before-hook-creation
|
||||||
|
name: argo-aggregate-to-edit
|
||||||
|
labels:
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- argoproj.io
|
||||||
|
resources:
|
||||||
|
- workflows
|
||||||
|
- workflows/finalizers
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
helm.sh/hook: pre-install
|
||||||
|
helm.sh/hook-delete-policy: before-hook-creation
|
||||||
|
name: argo-aggregate-to-admin
|
||||||
|
labels:
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- argoproj.io
|
||||||
|
resources:
|
||||||
|
- workflows
|
||||||
|
- workflows/finalizers
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
|
{{- end }}
|
||||||
|
|
@ -12,6 +12,8 @@ init:
|
||||||
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
|
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
|
||||||
serviceAccount: ""
|
serviceAccount: ""
|
||||||
|
|
||||||
|
createAggregateRoles: true
|
||||||
|
|
||||||
controller:
|
controller:
|
||||||
# podAnnotations is an optional map of annotations to be applied to the controller Pods
|
# podAnnotations is an optional map of annotations to be applied to the controller Pods
|
||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue