DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

allow workflow to be run in multiple namespaces, bump chart version

Browse source 
Signed-off-by: reinvantveer <rein.van.t.veer@geodan.nl>
This commit is contained in:
reinvantveer 2021-07-05 12:49:13 +02:00
parent b78109c4f3
commit 8eb0e11a26
5 changed files with 148 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo-workflows/Chart.yaml
View file

@ -3,7 +3,7 @@ name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.2.6 version: 0.2.6
appVersion: "v3.0.7" appVersion: "v3.0.8"
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
sources: sources:

61
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -1,19 +1,56 @@
{{- if .Values.workflow.rbac.create -}} {{- define "workflow-rb-base" }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow {{- end }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }} {{- define "workflow-rb-roleref" }}
{{- end }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: {{ template "argo-workflows.fullname" . }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
{{- end }} {{- end }}
{{- define "workflow-rb-subjects" }}
subjects:
- kind: ServiceAccount
{{- end }}
{{- if .Values.workflow.rbac.create -}}
{{- if .Values.workflow.namespaces }}
{{- range .Values.workflow.namespaces }}
{{ $namespace := . }}
{{ include "workflow-rb-base" . }}
name: {{ $.Release.Name }}-workflow
namespace: {{ $namespace }}
{{- include "workflow-rb-roleref" . }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- include "workflow-rb-subjects" . }}
name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }}
{{- end }}
{{- else }}
{{ include "workflow-rb-base" . }}
name: {{ $.Release.Name }}-workflow
{{- if $.Values.workflow.namespace }}
namespace: {{ $.Values.workflow.namespace }}
{{- end }}
{{- include "workflow-rb-roleref" . }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- include "workflow-rb-subjects" . }}
name: {{ $.Values.workflow.serviceAccount.name }}
{{- if $.Values.workflow.namespace }}
namespace: {{ $.Values.workflow.namespace }}
{{- end }}
{{- end }}
{{- end }}

64
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -1,25 +1,49 @@
{{- if .Values.workflow.rbac.create -}} {{- define "workflow-role-base" }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }} {{- end }}
{{/* workflow-role-rules are defined separately so they can be inserted after templating the metadata */}}
{{- define "workflow-role-rules" }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods - pods
verbs: verbs:
- get - get
- watch - watch
- patch - patch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods/log - pods/log
verbs: verbs:
- get - get
- watch - watch
{{- end }} {{- end }}
{{- if .Values.workflow.rbac.create -}}
{{- if .Values.workflow.namespaces }}
{{- range .Values.workflow.namespaces}}
{{ $namespace := . }}
{{- include "workflow-role-base" . }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
namespace: {{ $namespace }}
{{- include "workflow-role-rules" . }}
{{- end }}
{{- else }}
{{- include "workflow-role-base" . }}
name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- include "workflow-role-rules" . }}
{{- end }}
{{- end }}

57
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -1,13 +1,56 @@
{{- if .Values.workflow.serviceAccount.create -}} {{- define "sa-base" }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }} {{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
{{- if .Values.workflow.serviceAccount.create -}}
{{- /*
Cardinality-check the namespaces/namespace variables
This type check is done only once, here. It would be overkill to perform it for other RBAC resources as well.
*/}}
{{- if and .Values.workflow.namespaces .Values.workflow.namespace }}
{{- fail "Please set either workflow.namespaces or workflow.namespace for the service account, not both" }}
{{- end }}
{{- if and ( not .Values.workflow.namespace ) ( not .Values.workflow.namespaces ) }}
{{- fail "Please set either workflow.namespaces or workflow.namespace" }}
{{- end }}
{{- if .Values.workflow.namespaces }}
{{- /*
Type-check the namespaces variable for being a list ("slice")
This type check is done only once, here. It would be overkill to perform it for other RBAC resources as well.
*/}}
{{- if not ( kindIs "slice" .Values.workflow.namespaces ) }}
{{- fail ( printf "workflow.namespaces is a slice, got %s %s" ( kindOf .Values.workflow.namespaces ) .Values.workflow.namespaces ) }}
{{- end }}
{{ $namespaces := .Values.workflow.namespaces }}
{{- range $namespaces }}
{{ $namespace := . }}
{{ include "sa-base" . }}
name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml $.Values.workflow.serviceAccount.annotations | nindent 4 }}
{{- end }}
{{- else }}
{{- $namespaces := tuple .Values.workflow.namespace }}
{{- range $namespaces }}
{{- $namespace := . }}
{{ include "sa-base" . }}
name: {{ $.Values.workflow.serviceAccount.name }}
namespace: {{ $namespace }}
annotations:
{{- toYaml $.Values.workflow.serviceAccount.annotations | nindent 4 }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- end }}

6
charts/argo-workflows/values.yaml
View file

@ -29,13 +29,15 @@ kubeVersionOverride: ""
singleNamespace: false singleNamespace: false
workflow: workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. namespaces: [] # Specify all namespaces to run worksflows need to be able to run in. This controls where the service
# account and RBAC resources will be created. If unspecified, will run in the same namespace as argo.
namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in
serviceAccount: serviceAccount:
create: false # Specifies whether a service account should be created create: false # Specifies whether a service account should be created
annotations: {} annotations: {}
name: "argo-workflow" # Service account which is used to run workflows name: "argo-workflow" # Service account which is used to run workflows
rbac: rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller: controller:
image: image: