feat(argo-workflows): allow additional rules for service account that runs the workflows (#3186)

* feat(argo-workflows): allow additional rules for service account that runs the workflows Signed-off-by: fuyuan.chu <fuyuan.chu@airwallex.com> * Update charts/argo-workflows/templates/controller/workflow-role.yaml Co-authored-by: Aikawa <yu.croco@gmail.com> Signed-off-by: awx-fuyuanchu <86345114+awx-fuyuanchu@users.noreply.github.com> --------- Signed-off-by: fuyuan.chu <fuyuan.chu@airwallex.com> Signed-off-by: awx-fuyuanchu <86345114+awx-fuyuanchu@users.noreply.github.com> Co-authored-by: Aikawa <yu.croco@gmail.com>
2025-03-03 14:08:40 +08:00 · 2025-03-03 14:08:40 +08:00 · 02dcd41ec1
commit 02dcd41ec1
parent 68604eb508
4 changed files with 8 additions and 2 deletions
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.6.4
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.45.8
+version: 0.45.9
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -17,4 +17,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: added
-      description: Support livenessProbe to server
+      description: Support additional rules for service account that runs workflows
--- a/charts/argo-workflows/README.md
+++ b/charts/argo-workflows/README.md
@ -136,6 +136,7 @@ Fields to note:
 | workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates |
 | workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc |
 | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
 | workflow.rbac.rules | list | `[]` | Additional rules for the service account that runs the workflows. |
 | workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding |
 | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
--- a/charts/argo-workflows/templates/controller/workflow-role.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-role.yaml
@ -18,6 +18,9 @@ rules:
    verbs:
      - create
      - patch
  {{- with $.Values.workflow.rbac.rules }}
    {{- toYaml . | nindent 2 }}
  {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -77,6 +77,8 @@ workflow:
    serviceAccounts: []
      # - name: my-service-account
      #   namespace: my-namespace
    # -- Additional rules for the service account that runs the workflows.
    rules: []
 controller:
  image: