Merge branch 'master' into fix-argocd-crds

2021-01-15 11:07:44 -08:00 · 2021-01-15 11:07:44 -08:00 · 6aff63f6f0
commit 6aff63f6f0
parent 77662fe04a e8ca7ce63b
5 changed files with 27 additions and 12 deletions
--- a/charts/argo/requirements.lock
+++ b/charts/argo/requirements.lock
@ -3,4 +3,4 @@ dependencies:
  repository: https://helm.min.io/
  version: 8.0.9
 digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
-generated: "2021-01-11T15:01:01.169105-08:00"
+generated: "2021-01-13T15:31:40.823086-08:00"
--- a/charts/argo/Chart.yaml
+++ b/charts/argo/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.12.3
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.15.0
+version: 0.15.2
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
@ -10,3 +10,8 @@ maintainers:
  - name: alexmt
  - name: jessesuen
  - name: benjaminws
+dependencies:
+- name: minio
+  version: 8.0.9
+  repository: https://helm.min.io/
+  condition: minio.install
--- a/charts/argo/requirements.yaml
+++ b/charts/argo/requirements.yaml
@ -1,5 +0,0 @@
-dependencies:
- name: minio
-  version: 8.0.9
-  repository: https://helm.min.io/
-  condition: minio.install
--- a/charts/argo/templates/server-cluster-roles.yaml
+++ b/charts/argo/templates/server-cluster-roles.yaml
@ -41,7 +41,8 @@ rules:
  verbs:
  - create
 {{- end}}
-{{- if .Values.server.rbac }}
+{{- if .Values.server.sso }}
+  {{- if .Values.server.sso.rbac }}
 - apiGroups:
  - ""
  resources:
@ -50,15 +51,20 @@ rules:
  - get
  - list
  {{- end }}
+{{- end }}
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
-{{- with .Values.server.rbac.secretWhitelist }}
+{{- if .Values.server.sso }}
+  {{- if .Values.server.sso.rbac }}
+    {{- with .Values.server.sso.rbac.secretWhitelist }}
  resourceNames: {{- toYaml . | nindent 4 }}
    {{- end }}
+  {{- end }}
+{{- end }}
 - apiGroups:
  - ""
  resources:
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@ -167,9 +167,6 @@ server:
  serviceType: ClusterIP
  servicePort: 2746
  # servicePortName: http
-  rbac:
-    # When present, restricts secrets the server can read to a given list.
-    secretWhitelist: []
  serviceAccount: argo-server
  # Whether to create the service account with the name specified in
  # server.serviceAccount and bind it to the server role.
@ -267,6 +264,18 @@ server:
    #   key: client-secret
    ## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
    # redirectUrl: https://argo/oauth2/callback
+    # rbac:
+    #   enabled: true
+    ## When present, restricts secrets the server can read to a given list.
+    ## You can use it to restrict the server to only be able to access the
+    ## service account token secrets that are associated with service accounts
+    ## used for authorization.
+    #   secretWhitelist: []
+    ## Scopes requested from the SSO ID provider.  The 'groups' scope requests
+    ## group membership information, which is usually used for authorization
+    ## decisions.
+    # scopes:
+    # - groups

 # Influences the creation of the ConfigMap for the workflow-controller itself.
 useDefaultArtifactRepo: false