Add support for namespaced install

2020-03-11 19:58:55 +00:00 · 2020-03-11 19:58:55 +00:00 · 565f984149
commit 565f984149
parent 664829aa24
8 changed files with 55 additions and 11 deletions
--- a/charts/argo/templates/server-cluster-role.yaml
+++ b/charts/argo/templates/server-cluster-role.yaml
@ -1,6 +1,10 @@
 {{- if .Values.server.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.namespaced }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
 rules:
--- a/charts/argo/templates/server-crb.yaml
+++ b/charts/argo/templates/server-crb.yaml
@ -1,11 +1,19 @@
 {{- if .Values.server.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.namespaced }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}-crb
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.namespaced }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
 subjects:
 - kind: ServiceAccount
--- a/charts/argo/templates/server-deployment.yaml
+++ b/charts/argo/templates/server-deployment.yaml
@ -1,5 +1,5 @@
-
-{{- if .Values.server.enabled -}}apiVersion: apps/v1
+{{- if .Values.server.enabled -}}
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}
@ -13,7 +13,6 @@ spec:
    matchLabels:
      app: {{ .Release.Name }}-{{ .Values.server.name}}
      release: {{ .Release.Name }}
-      app: {{ .Release.Name }}-{{ .Values.server.name}}
  template:
    metadata:
      labels:
@ -31,21 +30,23 @@ spec:
        - name: argo-server
          args:
          - server
+          {{- if .Values.namespaced }}
+          - "--namespaced"
+          {{- end }}
          image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
          imagePullPolicy: {{ .Values.images.pullPolicy }}
          {{- if .Values.server.podPortName }}
          ports:
          - name: {{ .Values.server.podPortName }}
-            ports:
            containerPort: 2746
-            readinessProbe:
-              httpGet:
-                path: /
-                port: 2746
-                scheme: HTTP
-              initialDelaySeconds: 10
-              periodSeconds: 20
          {{- end }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 2746
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 20
          env:
          {{- if .Values.server.forceNamespaceIsolation }}
          - name: FORCE_NAMESPACE_ISOLATION
--- a/charts/argo/templates/workflow-aggregate-roles.yaml
+++ b/charts/argo/templates/workflow-aggregate-roles.yaml
@ -1,6 +1,10 @@
 {{- if .Values.createAggregateRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.namespaced }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -24,7 +28,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+  {{- if .Values.namespaced }}
+kind: Role
+  {{ else }}
 kind: ClusterRole
+  {{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -53,7 +61,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+  {{- if .Values.namespaced }}
+kind: Role
+  {{ else }}
 kind: ClusterRole
+  {{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
--- a/charts/argo/templates/workflow-controller-clusterrole.yaml
+++ b/charts/argo/templates/workflow-controller-clusterrole.yaml
@ -1,5 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
+  {{- if .Values.namespaced }}
+kind: Role
+  {{ else }}
 kind: ClusterRole
+  {{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role
 rules:
--- a/charts/argo/templates/workflow-controller-crb.yaml
+++ b/charts/argo/templates/workflow-controller-crb.yaml
@ -1,10 +1,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.namespaced }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name}}-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.namespaced }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role
 subjects:
  - kind: ServiceAccount
--- a/charts/argo/templates/workflow-controller-deployment.yaml
+++ b/charts/argo/templates/workflow-controller-deployment.yaml
@ -40,6 +40,9 @@ spec:
          - "{{ .Values.controller.logging.level }}"
          - "--gloglevel"
          - "{{ .Values.controller.logging.globallevel }}"
+          {{- if .Values.namespaced }}
+          - "--namespaced"
+          {{- end }}
          env:
          - name: ARGO_NAMESPACE
            valueFrom:
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@ -16,6 +16,10 @@ init:

 createAggregateRoles: true

+# Install argo components into a single namespace. Apply Roles and RoleBindings instead of the Cluster equivalents,
+# and start argo-cli with the --namespaced flag.
+namespaced: false
+
 controller:
  image:
    # Overrides .images.tag if defined.