allow setting up SA and RBAC resources

Markus Lippert 2020-07-10 16:05:38 +02:00
parent 2b9193ac69
commit 7d113774a3
4 changed files with 66 additions and 0 deletions


@ -0,0 +1,19 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- end }}
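Review bot: The subject `name: {{ .Values.workflow.serviceAccount.name }}` resolves to the namespace's `default` service account under the defaults added in the values hunk, so setting only `workflow.rbac.create: true` gives the workflow Role to every pod in that namespace that does not name its own service account. `rbac.create` and `serviceAccount.create` are independent switches and nothing in this template rules that combination out. I would stop rendering in that case, for example `{{- if eq .Values.workflow.serviceAccount.name "default" }}{{ fail "set workflow.serviceAccount.name to a dedicated account before enabling workflow.rbac.create" }}{{- end }}`, or at minimum state the consequence in the values comment.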


@ -0,0 +1,25 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}
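Review bot: The first rule grants `patch` on `pods` with no comment explaining why, and because pod names are not known in advance the grant cannot be narrowed with `resourceNames`, so the bound account can modify any pod in the namespace. A comment above the rule would make the intent reviewable, e.g. `# patch: presumably needed so the executor can annotate its own pod with outputs; applies to every pod in this namespace`. Since the permission is namespace-wide, the values documentation should recommend a dedicated `workflow.namespace` rather than one shared with unrelated workloads.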


@ -0,0 +1,13 @@
{{- if .Values.workflow.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
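Review bot: With the default `name: "default"` from the values hunk, enabling `workflow.serviceAccount.create` renders a ServiceAccount called `default`, which Kubernetes already provisions in every namespace, so the install is likely to fail on an already-existing resource. The opening guard could exclude that case, `{{- if and .Values.workflow.serviceAccount.create (ne .Values.workflow.serviceAccount.name "default") -}}`, or the values comment should say the name must be changed when `create` is true. Separately, `name: {{ .Values.workflow.serviceAccount.name }}` is unquoted, so an empty value renders as null; `| quote` would make that failure explicit.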


@ -20,6 +20,15 @@ createAggregateRoles: true
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false
workflow:
namespace: "" # Speficy namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "default" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller:
image:
# Overrides .images.tag if defined.
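Review bot: The comment on `namespace` misspells "Specify" as "Speficy", and the comment on `rbac.create` does not say which permissions are granted. I would spell them out so an operator can assess the setting without opening the templates: `create: false # adds a Role (get/watch/patch on pods, get/watch on pods/log) and a RoleBinding for the service account named above`. The `controller:` block continues outside the hunk.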