DevFW-CICD/argocd-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(Argo): Unify settings for activating rbac. (#544)

Browse source 
Signed-off-by: Vlad Losev <vladimir.losev@sage.com>
This commit is contained in:
Vlad Losev 2021-01-13 10:07:56 -08:00 committed by GitHub
parent 391c439de6
commit 4f7fe688cf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v2.12.3 appVersion: v2.12.3
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
name: argo name: argo
version: 0.15.0 version: 0.15.1
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
maintainers: maintainers:

10
charts/argo/templates/server-cluster-roles.yaml
View file

@ -41,7 +41,8 @@ rules:
verbs: verbs:
- create - create
{{- end}} {{- end}}
{{- if .Values.server.rbac }} {{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -50,15 +51,20 @@ rules:
- get - get
- list - list
{{- end }} {{- end }}
{{- end }}
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- secrets - secrets
verbs: verbs:
- get - get
{{- with .Values.server.rbac.secretWhitelist }} {{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
{{- with .Values.server.sso.rbac.secretWhitelist }}
resourceNames: {{- toYaml . | nindent 4 }} resourceNames: {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }}
{{- end }}
- apiGroups: - apiGroups:
- "" - ""
resources: resources:

15
charts/argo/values.yaml
View file

@ -167,9 +167,6 @@ server:
serviceType: ClusterIP serviceType: ClusterIP
servicePort: 2746 servicePort: 2746
# servicePortName: http # servicePortName: http
rbac:
# When present, restricts secrets the server can read to a given list.
secretWhitelist: []
serviceAccount: argo-server serviceAccount: argo-server
# Whether to create the service account with the name specified in # Whether to create the service account with the name specified in
# server.serviceAccount and bind it to the server role. # server.serviceAccount and bind it to the server role.
@ -267,6 +264,18 @@ server:
# key: client-secret # key: client-secret
## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback. ## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
# redirectUrl: https://argo/oauth2/callback # redirectUrl: https://argo/oauth2/callback
# rbac:
# enabled: true
## When present, restricts secrets the server can read to a given list.
## You can use it to restrict the server to only be able to access the
## service account token secrets that are associated with service accounts
## used for authorization.
# secretWhitelist: []
## Scopes requested from the SSO ID provider. The 'groups' scope requests
## group membership information, which is usually used for authorization
## decisions.
# scopes:
# - groups
# Influences the creation of the ConfigMap for the workflow-controller itself. # Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo: false useDefaultArtifactRepo: false