feat(argo-workflows): added ability to deploy per-namespace controllers

Signed-off-by: Andrew Chubatiuk <andrew.chubatiuk@gmail.com>

charts/argo-workflows/templates/_helpers.tpl

@@ -11,7 +11,7 @@ Create argo workflows server name and version as used by the chart label.
 Create controller name and version as used by the chart label.
 */}}
 {{- define "argo-workflows.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-%s" (include "argo-workflows.fullname" .) .controller.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
@@ -55,7 +55,7 @@ image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea
 output    = v3.4.4
 */}}
 {{- define "argo-workflows.controller_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
+{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .controller.image.tag) "") "" | trunc 63 | quote -}}
 {{- end -}}
 
 {{/*
@@ -101,7 +101,7 @@ app.kubernetes.io/component: {{ .component }}
 Create the name of the controller configMap
 */}}
 {{- define "argo-workflows.controller.config-map.name" -}}
-{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}}
+{{- .controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
@@ -119,10 +119,10 @@ Create the name of the server service account to use
 Create the name of the controller service account to use
 */}}
 {{- define "argo-workflows.controllerServiceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
+{{- if .controller.serviceAccount.create -}}
-    {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }}
+    {{ default (include "argo-workflows.controller.fullname" .) .controller.serviceAccount.name }}
 {{- else -}}
-    {{ default "default" .Values.controller.serviceAccount.name }}
+    {{ default "default" .serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 

charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml

@@ -1,12 +1,16 @@
 {{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }}
+{{ $controllers := deepCopy $.Values.controllers | merge (dict (include "argo-workflows.namespace" $) $.Values.controller) }}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $}}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ $cm_name }}
-  namespace: {{ include "argo-workflows.namespace" $ | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $cm_name) | nindent 4 }}
   {{- with $cm_val.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
@@ -17,3 +21,4 @@ data:
     {{- toYaml $data_val | nindent 4 }}
   {{- end }}
 {{- end }}
+{{- end }}

charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml

@@ -1,10 +1,15 @@
 {{- if .Values.createAggregateRoles }}
+{{ $controllers := deepCopy $.Values.controllers | merge (dict (include "argo-workflows.namespace" $) $.Values.controller) }}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $}}
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "argo-workflows.fullname" . }}-view
+  name: {{ template "argo-workflows.fullname" $context }}-view
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $controller.name) | nindent 4 }}
     rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
 - apiGroups:
@@ -30,6 +35,7 @@ rules:
   - get
   - list
   - watch
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml

@@ -1,17 +1,18 @@
 {{- if .Values.controller.rbac.create }}
+{{- $context := merge (dict "controller" $.Values.controller) . }}
 apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
+{{- if and .Values.singleNamespace (eq (len .Values.controllers) 0) }}
 kind: Role
 {{- else }}
 kind: ClusterRole
 {{- end }}
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  {{- if .Values.singleNamespace }}
+  {{- if and .Values.singleNamespace (eq (len .Values.controllers) 0) }}
   namespace: {{ include "argo-workflows.namespace" . | quote }}
   {{- end }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -203,9 +204,9 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
+  name: {{ template "argo-workflows.controller.fullname" $context }}-cluster-template
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
 - apiGroups:
   - argoproj.io

charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml

@@ -1,203 +1,209 @@
-{{- if .Values.controller.configMap.create }}
+{{ $controllers := deepCopy .Values.controllers | merge (dict (include "argo-workflows.namespace" .) .Values.controller) }}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- if $controller.configMap.create }}
+{{- $context := merge (dict "controller" $controller) $}}
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "argo-workflows.controller.config-map.name" . }}
+  name: {{ template "argo-workflows.controller.config-map.name" $context }}
-  namespace: {{ include "argo-workflows.namespace" . | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" "cm") | nindent 4 }}
 data:
   config: |
-    {{- if .Values.controller.instanceID.enabled }}
+    {{- if $controller.instanceID.enabled }}
-      {{- if .Values.controller.instanceID.useReleaseName }}
+      {{- if $controller.instanceID.useReleaseName }}
-    instanceID: {{ .Release.Name }}
+    instanceID: {{ $.Release.Name }}
       {{- else }}
-    instanceID: {{ .Values.controller.instanceID.explicitID }}
+    instanceID: {{ $controller.instanceID.explicitID }}
       {{- end }}
     {{- end }}
-    {{- if .Values.controller.parallelism }}
+    {{- if $controller.parallelism }}
-    parallelism: {{ .Values.controller.parallelism }}
+    parallelism: {{ $controller.parallelism }}
     {{- end }}
-    {{- if .Values.controller.resourceRateLimit }}
+    {{- if $controller.resourceRateLimit }}
-    resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }}
+    resourceRateLimit: {{- toYaml $controller.resourceRateLimit | nindent 6 }}
     {{- end }}
-    {{- with .Values.controller.namespaceParallelism }}
+    {{- with $controller.namespaceParallelism }}
     namespaceParallelism: {{ . }}
     {{- end }}
-    {{- with .Values.controller.initialDelay }}
+    {{- with $controller.initialDelay }}
     initialDelay: {{ . }}
     {{- end }}
-    {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}}
+    {{- if or $.Values.mainContainer.resources $.Values.mainContainer.env $.Values.mainContainer.envFrom $.Values.mainContainer.securityContext}}
     mainContainer:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }}
+      imagePullPolicy: {{ default (.Values.images.pullPolicy) $.Values.mainContainer.imagePullPolicy }}
-      {{- with .Values.mainContainer.resources }}
+      {{- with $.Values.mainContainer.resources }}
       resources: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.mainContainer.env }}
+      {{- with $.Values.mainContainer.env }}
       env: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.mainContainer.envFrom }}
+      {{- with $.Values.mainContainer.envFrom }}
       envFrom: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.mainContainer.securityContext }}
+      {{- with $.Values.mainContainer.securityContext }}
       securityContext: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
-    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}}
+    {{- if or $.Values.executor.resources $.Values.executor.env $.Values.executor.args $.Values.executor.securityContext}}
     executor:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }}
+      imagePullPolicy: {{ default ($.Values.images.pullPolicy) $.Values.executor.image.pullPolicy }}
-      {{- with .Values.executor.resources }}
+      {{- with $.Values.executor.resources }}
       resources: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.executor.args }}
+      {{- with $.Values.executor.args }}
       args: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.executor.env }}
+      {{- with $.Values.executor.env }}
       env: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.executor.securityContext }}
+      {{- with $.Values.executor.securityContext }}
       securityContext: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
-    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
+    {{- if or $.Values.artifactRepository.s3 $.Values.artifactRepository.gcs $.Values.artifactRepository.azure $.Values.customArtifactRepository }}
     artifactRepository:
-      {{- if .Values.artifactRepository.archiveLogs }}
+      {{- if $.Values.artifactRepository.archiveLogs }}
-      archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
+      archiveLogs: {{ $.Values.artifactRepository.archiveLogs }}
       {{- end }}
-      {{- with .Values.artifactRepository.gcs }}
+      {{- with $.Values.artifactRepository.gcs }}
       gcs: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
-      {{- with .Values.artifactRepository.azure }}
+      {{- with $.Values.artifactRepository.azure }}
       azure: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
-      {{- if .Values.artifactRepository.s3 }}
+      {{- if $.Values.artifactRepository.s3 }}
       s3:
-        {{- if .Values.useStaticCredentials }}
+        {{- if $.Values.useStaticCredentials }}
         accessKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
+          key: {{ tpl $.Values.artifactRepository.s3.accessKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
+          name: {{ tpl $.Values.artifactRepository.s3.accessKeySecret.name . }}
         secretKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
+          key: {{ tpl $.Values.artifactRepository.s3.secretKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
+          name: {{ tpl $.Values.artifactRepository.s3.secretKeySecret.name . }}
         {{- end }}
         bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
         endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
-        insecure: {{ .Values.artifactRepository.s3.insecure }}
+        insecure: {{ $.Values.artifactRepository.s3.insecure }}
-        {{- if .Values.artifactRepository.s3.caSecret }}
+        {{- if $.Values.artifactRepository.s3.caSecret }}
         caSecret:
-          name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }}
+          name: {{ tpl $.Values.artifactRepository.s3.caSecret.name . }}
-          key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }}
+          key: {{ tpl $.Values.artifactRepository.s3.caSecret.key . }}
         {{- end }}
-        {{- if .Values.artifactRepository.s3.keyFormat }}
+        {{- if $.Values.artifactRepository.s3.keyFormat }}
-        keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
+        keyFormat: {{ $.Values.artifactRepository.s3.keyFormat | quote }}
         {{- end }}
-        {{- if .Values.artifactRepository.s3.region }}
+        {{- if $.Values.artifactRepository.s3.region }}
-        region: {{ tpl .Values.artifactRepository.s3.region $ }}
+        region: {{ tpl $.Values.artifactRepository.s3.region $ }}
         {{- end }}
-        {{- if .Values.artifactRepository.s3.roleARN }}
+        {{- if $.Values.artifactRepository.s3.roleARN }}
-        roleARN: {{ .Values.artifactRepository.s3.roleARN }}
+        roleARN: {{ $.Values.artifactRepository.s3.roleARN }}
         {{- end }}
-        {{- if .Values.artifactRepository.s3.useSDKCreds }}
+        {{- if $.Values.artifactRepository.s3.useSDKCreds }}
-        useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
+        useSDKCreds: {{ $.Values.artifactRepository.s3.useSDKCreds }}
         {{- end }}
-        {{- with .Values.artifactRepository.s3.encryptionOptions }}
+        {{- with $.Values.artifactRepository.s3.encryptionOptions }}
         encryptionOptions:
           {{- toYaml . | nindent 10 }}
         {{- end }}
       {{- end }}
-      {{- if .Values.customArtifactRepository }}
+      {{- if $.Values.customArtifactRepository }}
-      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
+      {{- toYaml $.Values.customArtifactRepository | nindent 6 }}
       {{- end }}
     {{- end }}
-    {{- if .Values.controller.metricsConfig.enabled }}
+    {{- if $controller.metricsConfig.enabled }}
     metricsConfig:
-      enabled: {{ .Values.controller.metricsConfig.enabled }}
+      enabled: {{ $controller.metricsConfig.enabled }}
-      path: {{ .Values.controller.metricsConfig.path }}
+      path: {{ $controller.metricsConfig.path }}
-      port: {{ .Values.controller.metricsConfig.port }}
+      port: {{ $controller.metricsConfig.port }}
-      {{- if .Values.controller.metricsConfig.metricsTTL }}
+      {{- if $controller.metricsConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }}
+      metricsTTL: {{ $controller.metricsConfig.metricsTTL }}
       {{- end }}
-      ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }}
+      ignoreErrors: {{ $controller.metricsConfig.ignoreErrors }}
-      secure: {{ .Values.controller.metricsConfig.secure }}
+      secure: {{ $controller.metricsConfig.secure }}
     {{- end }}
-    {{- if .Values.controller.telemetryConfig.enabled }}
+    {{- if $controller.telemetryConfig.enabled }}
     telemetryConfig:
-      enabled: {{ .Values.controller.telemetryConfig.enabled }}
+      enabled: {{ $controller.telemetryConfig.enabled }}
-      path: {{ .Values.controller.telemetryConfig.path }}
+      path: {{ $controller.telemetryConfig.path }}
-      port: {{ .Values.controller.telemetryConfig.port }}
+      port: {{ $controller.telemetryConfig.port }}
-      {{- if .Values.controller.telemetryConfig.metricsTTL }}
+      {{- if $controller.telemetryConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }}
+      metricsTTL: {{ $controller.telemetryConfig.metricsTTL }}
       {{- end }}
-      ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }}
+      ignoreErrors: {{ $controller.telemetryConfig.ignoreErrors }}
-      secure: {{ .Values.controller.telemetryConfig.secure }}
+      secure: {{ $controller.telemetryConfig.secure }}
     {{- end }}
-    {{- if .Values.controller.persistence }}
+    {{- if $controller.persistence }}
     persistence:
-{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }}
+{{ toYaml $controller.persistence | indent 6 }}{{- end }}
-    {{- if .Values.controller.workflowDefaults }}
+    {{- if $controller.workflowDefaults }}
     workflowDefaults:
-{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
+{{ toYaml $controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- if .Values.server.sso.enabled }}
+    {{- if $.Values.server.sso.enabled }}
     sso:
-      issuer: {{ .Values.server.sso.issuer }}
+      issuer: {{ $.Values.server.sso.issuer }}
       clientId:
-        name: {{ .Values.server.sso.clientId.name }}
+        name: {{ $.Values.server.sso.clientId.name }}
-        key: {{ .Values.server.sso.clientId.key }}
+        key: {{ $.Values.server.sso.clientId.key }}
       clientSecret:
-        name: {{ .Values.server.sso.clientSecret.name }}
+        name: {{ $.Values.server.sso.clientSecret.name }}
-        key: {{ .Values.server.sso.clientSecret.key }}
+        key: {{ $.Values.server.sso.clientSecret.key }}
-      redirectUrl: {{ .Values.server.sso.redirectUrl | quote }}
+      redirectUrl: {{ $.Values.server.sso.redirectUrl | quote }}
       rbac:
-        enabled: {{ .Values.server.sso.rbac.enabled }}
+        enabled: {{ $.Values.server.sso.rbac.enabled }}
-      {{- with .Values.server.sso.scopes }}
+      {{- with $.Values.server.sso.scopes }}
       scopes: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.server.sso.issuerAlias }}
+      {{- with $.Values.server.sso.issuerAlias }}
       issuerAlias: {{ toYaml . }}
       {{- end }}
-      {{- with .Values.server.sso.sessionExpiry }}
+      {{- with $.Values.server.sso.sessionExpiry }}
       sessionExpiry: {{ toYaml . }}
       {{- end }}
-      {{- with .Values.server.sso.customGroupClaimName }}
+      {{- with $.Values.server.sso.customGroupClaimName }}
       customGroupClaimName: {{ toYaml . }}
       {{- end }}
-      {{- with .Values.server.sso.userInfoPath }}
+      {{- with $.Values.server.sso.userInfoPath }}
       userInfoPath: {{ toYaml . }}
       {{- end }}
-      {{- with .Values.server.sso.insecureSkipVerify }}
+      {{- with $.Values.server.sso.insecureSkipVerify }}
       insecureSkipVerify: {{ toYaml . }}
       {{- end }}
-      {{- with .Values.server.sso.filterGroupsRegex }}
+      {{- with $.Values.server.sso.filterGroupsRegex }}
       filterGroupsRegex: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
-    {{- with .Values.controller.workflowRestrictions }}
+    {{- with $controller.workflowRestrictions }}
     workflowRestrictions: {{- toYaml . | nindent 6 }}
     {{- end }}
-    {{- with .Values.controller.links }}
+    {{- with $controller.links }}
     links: {{- toYaml . | nindent 6 }}
     {{- end }}
-    {{- with .Values.controller.columns }}
+    {{- with $controller.columns }}
     columns: {{- toYaml . | nindent 6 }}
     {{- end }}
-    {{- with .Values.controller.navColor }}
+    {{- with $controller.navColor }}
     navColor: {{ . }}
     {{- end }}
-    {{- with .Values.controller.retentionPolicy }}
+    {{- with $controller.retentionPolicy }}
     retentionPolicy: {{- toYaml . | nindent 6 }}
     {{- end }}
-    {{- with .Values.emissary.images }}
+    {{- with $.Values.emissary.images }}
     images: {{- toYaml . | nindent 6 }}
     {{- end }}
     nodeEvents:
-      enabled: {{ .Values.controller.nodeEvents.enabled }}
+      enabled: {{ $controller.nodeEvents.enabled }}
-    {{- with .Values.controller.kubeConfig }}
+    {{- with $controller.kubeConfig }}
     kubeConfig: {{- toYaml . | nindent 6 }}
     {{- end }}
-    {{- with .Values.controller.podGCGracePeriodSeconds }}
+    {{- with $controller.podGCGracePeriodSeconds }}
     podGCGracePeriodSeconds: {{ . }}
     {{- end }}
-    {{- with .Values.controller.podGCDeleteDelayDuration }}
+    {{- with $controller.podGCDeleteDelayDuration }}
     podGCDeleteDelayDuration: {{ . }}
     {{- end }}
+{{ end }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-crb.yaml

@@ -1,45 +1,51 @@
 {{- if .Values.controller.rbac.create }}
+{{- $context := merge (dict "controller" $.Values.controller) . }}
+{{- $namespaces := keys (.Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller)) }}
 apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
+{{- if and .Values.singleNamespace (eq (len .Values.controllers) 0) }}
 kind: RoleBinding
 {{ else }}
 kind: ClusterRoleBinding
 {{- end }}
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  {{- if .Values.singleNamespace }}
+  {{- if and .Values.singleNamespace (eq (len .Values.controllers) 0) }}
   namespace: {{ include "argo-workflows.namespace" . | quote }}
   {{- end }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
+  {{- if and .Values.singleNamespace (eq (len .Values.controllers) 0) }}
   kind: Role
   {{ else }}
   kind: ClusterRole
   {{- end }}
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
 subjects:
+  {{ range $ns := $namespaces -}}
   - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
+    name: {{ template "argo-workflows.controllerServiceAccountName" $context }}
-    namespace: {{ include "argo-workflows.namespace" . | quote }}
+    namespace: {{ $ns | quote }}
+  {{ end }}
 
 {{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
+  name: {{ template "argo-workflows.controller.fullname" $context }}-cluster-template
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
+  name: {{ template "argo-workflows.controller.fullname" $context }}-cluster-template
 subjects:
+  {{ range $ns := $namespaces -}}
   - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
+    name: {{ template "argo-workflows.controllerServiceAccountName" $context }}
-    namespace: {{ include "argo-workflows.namespace" . | quote }}
+    namespace: {{ $ns | quote }}
+  {{ end }}
 {{- end }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml

@@ -1,20 +1,25 @@
-{{- if .Values.controller.pdb.enabled }}
+{{ $controllers := deepCopy $.Values.controllers | merge (dict (include "argo-workflows.namespace" $) $.Values.controller) }}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $}}
+{{- if $controller.pdb.enabled }}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  namespace: {{ include "argo-workflows.namespace" . | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $controller.name) | nindent 4 }}
 spec:
-  {{- if .Values.controller.pdb.minAvailable }}
+  {{- if $controller.pdb.minAvailable }}
-  minAvailable: {{ .Values.controller.pdb.minAvailable }}
+  minAvailable: {{ $controller.pdb.minAvailable }}
-  {{- else if .Values.controller.pdb.maxUnavailable }}
+  {{- else if $controller.pdb.maxUnavailable }}
-  maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }}
+  maxUnavailable: {{ $controller.pdb.maxUnavailable }}
   {{- else }}
   minAvailable: 0
   {{- end }}
   selector:
     matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+      {{- include "argo-workflows.selectorLabels" (dict "context" $context "name" $controller.name) | nindent 6 }}
+{{- end }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml

@@ -1,83 +1,88 @@
+{{ $controllers := .Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller) -}}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $ }}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  namespace: {{ include "argo-workflows.namespace" . | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $ "component" $controller.name "name" $controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
+    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" $context }}
-  {{- with .Values.controller.deploymentAnnotations }}
+  {{- with $controller.deploymentAnnotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  replicas: {{ .Values.controller.replicas }}
+  replicas: {{ $controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ $controller.revisionHistoryLimit }}
   selector:
     matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+      {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $controller.name) | nindent 6 }}
   template:
     metadata:
       labels:
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
+        {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $controller.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
+        app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" $context }}
-        {{- with.Values.controller.podLabels }}
+        {{- with $controller.podLabels }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{- with .Values.controller.podAnnotations }}
+      {{- with $controller.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
+      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" $context }}
-      {{- with .Values.controller.podSecurityContext }}
+      {{- with $controller.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.extraInitContainers }}
+      {{- with $controller.extraInitContainers }}
       initContainers:
         {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
       containers:
         - name: controller
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
+          image: "{{- include "argo-workflows.image" (dict "context" $context "image" $controller.image) }}:{{ default (include "argo-workflows.defaultTag" $context) $controller.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
+          imagePullPolicy: {{ $.Values.images.pullPolicy }}
           command: [ "workflow-controller" ]
           args:
           - "--configmap"
-          - "{{ template "argo-workflows.controller.config-map.name" . }}"
+          - "{{ template "argo-workflows.controller.config-map.name" $context }}"
           - "--executor-image"
-          - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
+          - "{{- include "argo-workflows.image" (dict "context" $context "image" $.Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" $context) $.Values.executor.image.tag }}"
           - "--loglevel"
-          - "{{ .Values.controller.logging.level }}"
+          - "{{ $controller.logging.level }}"
           - "--gloglevel"
-          - "{{ .Values.controller.logging.globallevel }}"
+          - "{{ $controller.logging.globallevel }}"
           - "--log-format"
-          - "{{ .Values.controller.logging.format }}"
+          - "{{ $controller.logging.format }}"
-          {{- if .Values.singleNamespace }}
+          {{- if $.Values.singleNamespace }}
           - "--namespaced"
           {{- end }}
-          {{- with .Values.controller.workflowWorkers }}
+          {{- with $controller.workflowWorkers }}
           - "--workflow-workers"
           - {{ . | quote }}
           {{- end }}
-          {{- with .Values.controller.workflowTTLWorkers }}
+          {{- with $controller.workflowTTLWorkers }}
           - "--workflow-ttl-workers"
           - {{ . | quote }}
           {{- end }}
-          {{- with .Values.controller.podCleanupWorkers }}
+          {{- with $controller.podCleanupWorkers }}
           - "--pod-cleanup-workers"
           - {{ . | quote }}
           {{- end }}
-          {{- with .Values.controller.cronWorkflowWorkers }}
+          {{- with $controller.cronWorkflowWorkers }}
           - "--cron-workflow-workers"
           - {{ . | quote }}
           {{- end }}
-          {{- with .Values.controller.extraArgs }}
+          {{- with $controller.extraArgs }}
             {{- toYaml . | nindent 10 }}
           {{- end }}
           securityContext:
-            {{- toYaml .Values.controller.securityContext | nindent 12 }}
+            {{- toYaml $controller.securityContext | nindent 12 }}
           env:
             - name: ARGO_NAMESPACE
               valueFrom:
@@ -89,58 +94,59 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: metadata.name
-          {{- if eq (int .Values.controller.replicas) 1 }}
+          {{- if eq (int $controller.replicas) 1 }}
             - name: LEADER_ELECTION_DISABLE
               value: "true"
           {{- end }}
-          {{- with .Values.controller.extraEnv }}
+          {{- with $controller.extraEnv }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
           resources:
-            {{- toYaml .Values.controller.resources | nindent 12 }}
+            {{- toYaml $controller.resources | nindent 12 }}
-          {{- with .Values.controller.volumeMounts }}
+          {{- with $controller.volumeMounts }}
           volumeMounts:
             {{- toYaml . | nindent 10 }}
           {{- end }}
           ports:
-            - name: {{ .Values.controller.metricsConfig.portName }}
+            - name: {{ $controller.metricsConfig.portName }}
-              containerPort: {{ .Values.controller.metricsConfig.port }}
+              containerPort: {{ $controller.metricsConfig.port }}
             - containerPort: 6060
-          livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
+          livenessProbe: {{ $controller.livenessProbe | toYaml | nindent 12 }}
-        {{- with .Values.controller.extraContainers }}
+        {{- with $controller.extraContainers }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
-      {{- with .Values.images.pullSecrets }}
+      {{- with $.Values.images.pullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.volumes }}
+      {{- with $controller.volumes }}
       volumes:
         {{- toYaml . | nindent 6 }}
       {{- end }}
-      {{- with .Values.controller.nodeSelector }}
+      {{- with $controller.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.tolerations }}
+      {{- with $controller.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.affinity }}
+      {{- with $controller.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints }}
+      {{- with $controller.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- range $constraint := . }}
       - {{ toYaml $constraint | nindent 8 | trim }}
         {{- if not $constraint.labelSelector }}
         labelSelector:
           matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
+            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $controller.name) | nindent 12 }}
         {{- end }}
         {{- end }}
       {{- end }}
-      {{- with .Values.controller.priorityClassName }}
+      {{- with $controller.priorityClassName }}
       priorityClassName: {{ . }}
       {{- end }}
+{{- end }}

charts/argo-workflows/templates/controller/workflow-controller-sa.yaml

@@ -1,16 +1,22 @@
 {{- if .Values.controller.serviceAccount.create }}
+{{ $controllers := .Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller) -}}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $ }}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
+  name: {{ template "argo-workflows.controllerServiceAccountName" $context }}
-  namespace: {{ include "argo-workflows.namespace" . | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $controller.name) | nindent 4 }}
-  {{- with .Values.controller.serviceAccount.labels  }}
+  {{- with $controller.serviceAccount.labels  }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{ with .Values.controller.serviceAccount.annotations }}
+  {{ with $controller.serviceAccount.annotations }}
   annotations:
     {{- toYaml .| nindent 4 }}
   {{- end }}
 {{- end }}
+{{- end }}

charts/argo-workflows/templates/controller/workflow-controller-service.yaml

@@ -1,39 +1,45 @@
-{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
+{{ $controllers := deepCopy $.Values.controllers | merge (dict (include "argo-workflows.namespace" $) $.Values.controller) }}
+{{ range $ns, $config := $controllers -}}
+{{ $controller := deepCopy $.Values.controller | merge $config -}}
+{{- $context := merge (dict "controller" $controller) $}}
+{{- if or $controller.metricsConfig.enabled $controller.telemetryConfig.enabled }}
+---
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  namespace: {{ include "argo-workflows.namespace" . | quote }}
+  namespace: {{ $ns | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $controller.name "name" $controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
+    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" $context }}
-    {{- with .Values.controller.serviceLabels }}
+    {{- with $controller.serviceLabels }}
       {{ toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.controller.serviceAnnotations }}
+  {{- with $controller.serviceAnnotations }}
   annotations:
     {{- toYaml . | nindent 4}}
   {{- end }}
 spec:
   ports:
-  {{- if .Values.controller.metricsConfig.enabled }}
+  {{- if $controller.metricsConfig.enabled }}
-  - name: {{ .Values.controller.metricsConfig.servicePortName }}
+  - name: {{ $controller.metricsConfig.servicePortName }}
-    port: {{ .Values.controller.metricsConfig.servicePort }}
+    port: {{ $controller.metricsConfig.servicePort }}
     protocol: TCP
-    targetPort: {{ .Values.controller.metricsConfig.port }}
+    targetPort: {{ $controller.metricsConfig.port }}
   {{- end }}
-  {{- if .Values.controller.telemetryConfig.enabled }}
+  {{- if $controller.telemetryConfig.enabled }}
-  - name: {{ .Values.controller.telemetryConfig.servicePortName }}
+  - name: {{ $controller.telemetryConfig.servicePortName }}
-    port: {{ .Values.controller.telemetryConfig.servicePort }}
+    port: {{ $controller.telemetryConfig.servicePort }}
     protocol: TCP
-    targetPort: {{ .Values.controller.telemetryConfig.port }}
+    targetPort: {{ $controller.telemetryConfig.port }}
   {{- end }}
   selector:
-    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.selectorLabels" (dict "context" $context "name" $controller.name) | nindent 4 }}
   sessionAffinity: None
-  type: {{ .Values.controller.serviceType }}
+  type: {{ $controller.serviceType }}
-  {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
+  {{- if and (eq $controller.serviceType "LoadBalancer") $controller.loadBalancerSourceRanges }}
   loadBalancerSourceRanges:
-    {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
+    {{- toYaml $controller.loadBalancerSourceRanges | nindent 4 }}
   {{- end }}
 {{- end -}}
+{{- end }}

charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml

@@ -1,50 +1,52 @@
 {{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }}
+{{ $namespaces := keys (deepCopy $.Values.controllers | merge (dict (include "argo-workflows.namespace" $) $.Values.controller)) }}
+{{- $context := merge (dict "controller" $.Values.controller) $ }}
+
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
+  name: {{ template "argo-workflows.controller.fullname" $context }}
-  namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include "argo-workflows.namespace" $) $.Values.controller.serviceMonitor.namespace | quote }}
   labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+    {{- include "argo-workflows.labels" (dict "context" $context "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-    {{- with .Values.controller.serviceMonitor.additionalLabels }}
+    {{- with $.Values.controller.serviceMonitor.additionalLabels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
   endpoints:
-  {{- if .Values.controller.metricsConfig.enabled }}
+  {{- if $.Values.controller.metricsConfig.enabled }}
-    - port: {{ .Values.controller.metricsConfig.servicePortName }}
+    - port: {{ $.Values.controller.metricsConfig.servicePortName }}
-      path: {{ .Values.controller.metricsConfig.path }}
+      path: {{ $.Values.controller.metricsConfig.path }}
       interval: 30s
-      {{- with .Values.controller.metricsConfig.relabelings }}
+      {{- with $.Values.controller.metricsConfig.relabelings }}
       relabelings:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.metricsConfig.metricRelabelings }}
+      {{- with $.Values.controller.metricsConfig.metricRelabelings }}
       metricRelabelings:
         {{- toYaml . | nindent 8 }}
       {{- end }}
   {{- end }}
-  {{- if .Values.controller.telemetryConfig.enabled }}
+  {{- if $.Values.controller.telemetryConfig.enabled }}
     - port: telemetry
-      path: {{ .Values.controller.telemetryConfig.path }}
+      path: {{ $.Values.controller.telemetryConfig.path }}
       interval: 30s
-      {{- with .Values.controller.metricsConfig.relabelings }}
+      {{- with $.Values.controller.metricsConfig.relabelings }}
       relabelings:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.controller.metricsConfig.metricRelabelings }}
+      {{- with $.Values.controller.metricsConfig.metricRelabelings }}
       metricRelabelings:
         {{- toYaml . | nindent 8 }}
       {{- end }}
   {{- end }}
-  {{- with .Values.controller.metricsConfig.targetLabels }}
+  {{- with $.Values.controller.metricsConfig.targetLabels }}
   targetLabels:
     {{- toYaml . | nindent 8 }}
   {{- end }}
   namespaceSelector:
-    matchNames:
+    matchNames: {{ $namespaces | toYaml | nindent 6 }}
-      - {{ include "argo-workflows.namespace" . | quote }}
   selector:
     matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+      {{- include "argo-workflows.selectorLabels" (dict "context" $context "name" $.Values.controller.name) | nindent 6 }}
 {{- end }}

charts/argo-workflows/templates/controller/workflow-rb.yaml

@@ -1,5 +1,11 @@
 {{- if .Values.workflow.rbac.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
+{{- $controllers := .Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller) }}
+{{- $workflowNamespaces := default list }}
+{{- range $config := values $controllers }}
+{{- $controller := deepCopy $.Values.controller | merge $config }}
+{{- $workflowNamespaces = concat $workflowNamespaces $controller.workflowNamespaces }}
+{{- end }}
+{{- range $ns := $workflowNamespaces }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -7,7 +13,7 @@ metadata:
   name: {{ template "argo-workflows.fullname" $ }}-workflow
   labels:
     {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-    {{- with $namespace }}
+    {{- with $ns }}
   namespace: {{ . }}
     {{- end }}
 roleRef:
@@ -17,7 +23,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ $.Values.workflow.serviceAccount.name }}
-    {{- with $namespace }}
+    {{- with $ns }}
     namespace: {{ . }}
     {{- end }}
   {{- end }}

charts/argo-workflows/templates/controller/workflow-role.yaml

@@ -1,5 +1,11 @@
 {{- if .Values.workflow.rbac.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
+{{- $controllers := .Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller) }}
+{{- $workflowNamespaces := default list }}
+{{- range $config := values $controllers }}
+{{- $controller := deepCopy $.Values.controller | merge $config }}
+{{- $workflowNamespaces = concat $workflowNamespaces $controller.workflowNamespaces }}
+{{- end }}
+{{- range $ns := $workflowNamespaces }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -7,7 +13,7 @@ metadata:
   name: {{ template "argo-workflows.fullname" $ }}-workflow
   labels:
     {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-    {{- with $namespace }}
+    {{- with $ns }}
   namespace: {{ . }}
     {{- end }}
 rules:

charts/argo-workflows/templates/controller/workflow-sa.yaml

@@ -1,5 +1,11 @@
 {{- if .Values.workflow.serviceAccount.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
+{{- $controllers := .Values.controllers | default (dict (include "argo-workflows.namespace" .) .Values.controller) }}
+{{- $workflowNamespaces := default list }}
+{{- range $config := values $controllers }}
+{{- $controller := deepCopy $.Values.controller | merge $config }}
+{{- $workflowNamespaces = concat $workflowNamespaces $controller.workflowNamespaces }}
+{{- end }}
+{{- range $ns := $workflowNamespaces }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -10,7 +16,7 @@ metadata:
   {{- with $.Values.workflow.serviceAccount.labels  }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
-    {{- with $namespace }}
+    {{- with $ns }}
   namespace: {{ . }}
     {{- end }}
     {{- with $.Values.workflow.serviceAccount.annotations }}

charts/argo-workflows/templates/server/server-deployment.yaml

@@ -53,7 +53,7 @@ spec:
             {{- toYaml .Values.server.securityContext | nindent 12 }}
           args:
           - server
-          - --configmap={{ template "argo-workflows.controller.config-map.name" . }}
+          - --configmap={{ template "argo-workflows.controller.config-map.name" merge (dict "controller" .Values.controller) . }}
           {{- with .Values.server.extraArgs }}
             {{- toYaml . | nindent 10 }}
           {{- end }}

charts/argo-workflows/values.yaml

@@ -396,6 +396,9 @@ controller:
   # @default -- `5s` (Argo Workflows default)
   podGCDeleteDelayDuration: ""
 
+# namespace => controller-config map that to describes namespaced instances config, which overrides default controller config
+controllers: {}
+
 # mainContainer adds default config for main container that could be overriden in workflows template
 mainContainer:
   # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.