diff --git a/charts/argo/templates/server-cluster-role.yaml b/charts/argo/templates/server-cluster-role.yaml index fbf8d044..a5e648df 100644 --- a/charts/argo/templates/server-cluster-role.yaml +++ b/charts/argo/templates/server-cluster-role.yaml @@ -1,6 +1,10 @@ {{- if .Values.server.enabled }} apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.namespaced }} +kind: Role +{{ else }} kind: ClusterRole +{{- end }} metadata: name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role rules: diff --git a/charts/argo/templates/server-crb.yaml b/charts/argo/templates/server-crb.yaml index e764b847..2d4326f0 100644 --- a/charts/argo/templates/server-crb.yaml +++ b/charts/argo/templates/server-crb.yaml @@ -1,11 +1,19 @@ {{- if .Values.server.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.namespaced }} +kind: RoleBinding +{{ else }} kind: ClusterRoleBinding +{{- end }} metadata: name: {{ .Release.Name }}-{{ .Values.server.name}}-crb roleRef: apiGroup: rbac.authorization.k8s.io + {{- if .Values.namespaced }} + kind: Role + {{ else }} kind: ClusterRole + {{- end }} name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role subjects: - kind: ServiceAccount diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml index ddb1821d..87e623a6 100644 --- a/charts/argo/templates/server-deployment.yaml +++ b/charts/argo/templates/server-deployment.yaml @@ -1,5 +1,5 @@ - -{{- if .Values.server.enabled -}}apiVersion: apps/v1 +{{- if .Values.server.enabled -}} +apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-{{ .Values.server.name}} @@ -13,7 +13,6 @@ spec: matchLabels: app: {{ .Release.Name }}-{{ .Values.server.name}} release: {{ .Release.Name }} - app: {{ .Release.Name }}-{{ .Values.server.name}} template: metadata: labels: @@ -31,21 +30,23 @@ spec: - name: argo-server args: - server + {{- if .Values.namespaced }} + - "--namespaced" + {{- end }} image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} {{- if .Values.server.podPortName }} ports: - name: {{ .Values.server.podPortName }} - ports: containerPort: 2746 - readinessProbe: - httpGet: - path: / - port: 2746 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 20 {{- end }} + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 env: {{- if .Values.server.forceNamespaceIsolation }} - name: FORCE_NAMESPACE_ISOLATION diff --git a/charts/argo/templates/workflow-aggregate-roles.yaml b/charts/argo/templates/workflow-aggregate-roles.yaml index d817ead7..83ef6dcf 100644 --- a/charts/argo/templates/workflow-aggregate-roles.yaml +++ b/charts/argo/templates/workflow-aggregate-roles.yaml @@ -1,6 +1,10 @@ {{- if .Values.createAggregateRoles }} apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.namespaced }} +kind: Role +{{ else }} kind: ClusterRole +{{- end }} metadata: annotations: helm.sh/hook: pre-install @@ -24,7 +28,11 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 + {{- if .Values.namespaced }} +kind: Role + {{ else }} kind: ClusterRole + {{- end }} metadata: annotations: helm.sh/hook: pre-install @@ -53,7 +61,11 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 + {{- if .Values.namespaced }} +kind: Role + {{ else }} kind: ClusterRole + {{- end }} metadata: annotations: helm.sh/hook: pre-install diff --git a/charts/argo/templates/workflow-controller-clusterrole.yaml b/charts/argo/templates/workflow-controller-clusterrole.yaml index 8df46229..72253955 100644 --- a/charts/argo/templates/workflow-controller-clusterrole.yaml +++ b/charts/argo/templates/workflow-controller-clusterrole.yaml @@ -1,5 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 + {{- if .Values.namespaced }} +kind: Role + {{ else }} kind: ClusterRole + {{- end }} metadata: name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role rules: diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml index 5dc55111..788d0a38 100644 --- a/charts/argo/templates/workflow-controller-crb.yaml +++ b/charts/argo/templates/workflow-controller-crb.yaml @@ -1,10 +1,18 @@ apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.namespaced }} +kind: RoleBinding +{{ else }} kind: ClusterRoleBinding +{{- end }} metadata: name: {{ .Release.Name }}-{{ .Values.controller.name}}-binding roleRef: apiGroup: rbac.authorization.k8s.io + {{- if .Values.namespaced }} + kind: Role + {{ else }} kind: ClusterRole + {{- end }} name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role subjects: - kind: ServiceAccount diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index 06b708c6..37097844 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -40,6 +40,9 @@ spec: - "{{ .Values.controller.logging.level }}" - "--gloglevel" - "{{ .Values.controller.logging.globallevel }}" + {{- if .Values.namespaced }} + - "--namespaced" + {{- end }} env: - name: ARGO_NAMESPACE valueFrom: diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 4823e925..c3a971f6 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -16,6 +16,10 @@ init: createAggregateRoles: true +# Install argo components into a single namespace. Apply Roles and RoleBindings instead of the Cluster equivalents, +# and start argo-cli with the --namespaced flag. +namespaced: false + controller: image: # Overrides .images.tag if defined.