fix: ClusterWorkflowTemplate access (#352)
This commit is contained in:
parent
859d769c12
commit
370ec9f6c4
6 changed files with 72 additions and 33 deletions
|
@ -2,7 +2,7 @@ apiVersion: v1
|
|||
appVersion: v2.8.0
|
||||
description: A Helm chart for Argo Workflows
|
||||
name: argo
|
||||
version: 0.9.1
|
||||
version: 0.9.2
|
||||
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
|
||||
home: https://github.com/argoproj/argo-helm
|
||||
maintainers:
|
||||
|
|
|
@ -1,14 +1,8 @@
|
|||
{{- if .Values.server.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}-role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
@ -58,7 +52,6 @@ rules:
|
|||
- workflows
|
||||
- workflowtemplates
|
||||
- cronworkflows
|
||||
- clusterworkflowtemplates
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
|
@ -67,4 +60,24 @@ rules:
|
|||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- clusterworkflowtemplates
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
{{- if .Values.server.clusterWorkflowTemplates.enableEditing }}
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -3,21 +3,29 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
{{- if .Values.singleNamespace }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-rb
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
{{ else }}
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-crb
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.server.serviceAccount }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.server.serviceAccount }}
|
||||
|
|
|
@ -1,13 +1,7 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
@ -103,5 +97,18 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
{{- end}}
|
||||
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- clusterworkflowtemplates
|
||||
- clusterworkflowtemplates/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
|
@ -5,16 +5,11 @@ kind: RoleBinding
|
|||
kind: ClusterRoleBinding
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-binding
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.singleNamespace }}
|
||||
kind: Role
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
|
||||
{{ else }}
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount }}
|
||||
|
@ -30,3 +25,16 @@ subjects:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
|
|
@ -190,6 +190,9 @@ server:
|
|||
# - secretName: argo-ui-tls
|
||||
# hosts:
|
||||
# - argo.domain.com
|
||||
clusterWorkflowTemplates:
|
||||
# Give the server permissions to edit ClusterWorkflowTemplates.
|
||||
enableEditing: true
|
||||
|
||||
# Influences the creation of the ConfigMap for the workflow-controller itself.
|
||||
useDefaultArtifactRepo: false
|
||||
|
|
Loading…
Reference in a new issue