DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fix-workflow-pod-status-pending

Browse source
This commit is contained in:
Vlad Losev 2021-07-20 14:32:48 -07:00 committed by GitHub
commit 81119d8ec0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 63 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CONTRIBUTING.md
View file

@ -55,7 +55,7 @@ annotations:
Minimally:
```
helm install charts/argo -n argo
helm install charts/argo-workflows -n argo
argo version
```

4
charts/argo-workflows/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.2.8
version: 0.2.11
appVersion: "v3.0.7"
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
@ -15,4 +15,4 @@ maintainers:
- name: benjaminws
annotations:
artifacthub.io/changes: |
- "[Added]: Initialize Changelog"
- "[Fixed]: Pods stuck in pending phase due to workflow update timeouts."

2
charts/argo-workflows/README.md
View file

@ -10,7 +10,7 @@ This chart uses an install hook to configure the CRD definition. Installation of
A few options are:
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes

10
charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -121,8 +121,18 @@ rules:
resources:
- leases
resourceNames:
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
- workflow-controller-{{ .Release.Name }}
- workflow-controller-lease-{{ .Release.Name }}
{{- else }}
- workflow-controller-{{ .Values.controller.instanceID.explicitID }}
- workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- else }}
- workflow-controller
- workflow-controller-lease
{{- end }}
verbs:
- get
- watch

6
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -7,11 +7,11 @@ metadata:
data:
config: |
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
{{- if .Values.controller.instanceID.useReleaseName }}
instanceID: {{ .Release.Name }}
{{- else }}
{{- else }}
instanceID: {{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- end }}
{{- end }}
containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
{{- if .Values.controller.parallelism }}

19
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -1,19 +1,20 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
namespace: {{ $namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" . }}-workflow
name: {{ template "argo-workflows.fullname" $ }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}
{{- end }}

40
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -1,25 +1,29 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}
{{- end }}

13
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -1,13 +1,16 @@
{{- if .Values.workflow.serviceAccount.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
{{- end }}
{{- with $.Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

13
charts/argo-workflows/values.yaml
View file

@ -5,11 +5,6 @@ images:
pullSecrets: []
# - name: argo-pull-secret
init:
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
serviceAccount: ""
createAggregateRoles: true
## String to partially override "argo-workflows.fullname" template
@ -29,13 +24,15 @@ kubeVersionOverride: ""
singleNamespace: false
workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
# Adds Role and RoleBinding for the above specified service account to be able to run workflows
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true
controller:
image:
@ -109,6 +106,8 @@ controller:
# Annotations applied to created service account
annotations: {}
name: workflow-controller
# Specify all namespaces to run worksflows need to be able to run in. This controls where the service
# account and RBAC resources will be created. If unspecified, will run in the default namespace.
workflowNamespaces:
- default
containerRuntimeExecutor: docker