feat(argo-workflows): Add dev/delegated auth (#1048)

* add commented server auth disable option

Signed-off-by: reinvantveer <reinvantveer@gmail.com>

* add sectioned server authentication documentation

Signed-off-by: reinvantveer <reinvantveer@gmail.com>

* add change notes

Signed-off-by: reinvantveer <reinvantveer@gmail.com>

* fix helm-docs checksum error

Signed-off-by: reinvantveer <reinvantveer@gmail.com>

* revert dropped `volumeMounts` docs entry by removing whitespace above commented-out `extraArgs`

Signed-off-by: reinvantveer <rein@vantveer.me>

* add extra comment on disabling auth

Signed-off-by: reinvantveer <rein@vantveer.me>
Rein van 't Veer 2021-12-06 11:01:50 +01:00 committed by GitHub
parent 9b35844af7
commit 16a3b26f0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 4 deletions

@ -2,7 +2,7 @@ apiVersion: v2
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.9.2 version: 0.9.3
appVersion: v3.2.4 appVersion: v3.2.4
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
@ -15,4 +15,4 @@ maintainers:
- name: benjaminws - name: benjaminws
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Fixed]: Added missing WorkflowTaskSets RBAC to controller" - "[Added]: Added documentation and (default disabled) settings for dev-mode or delegated server authentication"

@ -15,8 +15,14 @@ A few options are:
## Usage Notes ## Usage Notes
### Workflow controller
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
## Values ## Values
The `values.yaml` contains items used to tweak a deployment of this chart. The `values.yaml` contains items used to tweak a deployment of this chart.
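Review bot: The new "Workflow server authentication" section says the chart requires authentication by default, but then only explains how to switch it off with `--auth-mode=server`; it never says how a user is expected to authenticate under the default. Consider adding one sentence (or a link) on logging in with the default mode before describing the opt-out, so that disabling authentication is not the only path the README offers.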
@ -136,7 +142,7 @@ Fields to note:
| server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. |
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
| server.enabled | bool | `true` | Deploy the Argo Server | | server.enabled | bool | `true` | Deploy the Argo Server |
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. | | server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. |
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.registry | string | `"quay.io"` | Registry to use for the server |
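Review bot: In the `server.extraArgs` row, "such as for disabling authentication" makes turning authentication off the one advertised use of a general-purpose field. Suggest keeping the neutral description and pointing to the "Workflow server authentication" section instead. The same wording appears in the `# --` comment in values.yaml in this change, so the wording should be changed there as well.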

@ -15,8 +15,14 @@ A few options are:
## Usage Notes ## Usage Notes
### Workflow controller
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Workflow server authentication
By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting.
## Values ## Values
The `values.yaml` contains items used to tweak a deployment of this chart. The `values.yaml` contains items used to tweak a deployment of this chart.
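Review bot: Style, in the added authentication paragraph: `server.extraArgs: [--auth-mode=server]` mixes a dotted value path with YAML list syntax, so it cannot be pasted into a values file as written, and the last sentence repeats the `--auth-mode=server` setting already given in the sentence before it. Also, values.yaml is written without backticks here but with them in the "Values" section just below. Suggest naming the key and the list entry separately, dropping the repetition, and using backticks consistently.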

@ -356,8 +356,14 @@ server:
# - name: FOO # - name: FOO
# value: "bar" # value: "bar"
# -- Extra arguments to provide to the Argo server binary. # -- Extra arguments to provide to the Argo server binary, such as for disabling authentication.
extraArgs: [] extraArgs: []
# If you want to disable authentication for purposes such as:
# - local dev-mode without authentication
# - gateway authentication through some other service such as KeyCloak
# uncomment the lines below and comment out the default empty list `extraArgs: []` above:
# extraArgs:
# - --auth-mode=server
# -- Additional volume mounts to the server main container. # -- Additional volume mounts to the server main container.
volumeMounts: [] volumeMounts: []
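Review bot: The added comment block under `extraArgs: []` tells the reader how to disable authentication but not what that leaves open: per the README text in this same change, uncommenting `--auth-mode=server` disables authentication on the server UI. For the gateway case the comment should say that the server must only be reachable through the authenticating gateway, and for the dev case that the setting is meant for local clusters only. Minor: "KeyCloak" is spelled "Keycloak".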