Adds SSO configuration for Argo Server.

charts/argo/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v2.8.0
+appVersion: v2.9.0
 description: A Helm chart for Argo Workflows
 name: argo
 version: 0.9.7

charts/argo/templates/workflow-controller-config-map.yaml

@@ -67,6 +67,7 @@ data:
     {{- if .Values.controller.workflowDefaults }}
     workflowDefaults:
 {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- with .Values.controller.sso }}
+    {{- with .Values.server.sso }}
-    sso:
+    server:
-{{ toYaml . | indent 6 }}{{- end }}
+      sso: {{- toYaml . | nindent 8 }}
+    {{- end }}

charts/argo/values.yaml

@@ -4,7 +4,7 @@ images:
   server: argocli
   executor: argoexec
   pullPolicy: Always
-  tag: v2.7.6
+  tag: v2.9.0
 
 crdVersion: v1alpha1
 installCRD: true
@@ -202,6 +202,23 @@ server:
   clusterWorkflowTemplates:
     # Give the server permissions to edit ClusterWorkflowTemplates.
     enableEditing: true
+  sso:
+    # SSO configuration when SSO is specified as a server auth mode.
+    # All the values are requied. SSO is activated by adding --auth-mode=sso
+    # to the server command line.
+    #
+    # The root URL of the OIDC identity provider.
+    issuer: https://accounts.google.com
+    # Name of a secret and a key in it to retrieve the app OIDC client ID from.
+    clientId:
+      name: argo-server-sso
+      key: client-id
+    # Name of a secret and a key in it to retrieve the app OIDC client secret from.
+    clientSecret:
+      name: argo-server-sso
+      key: client-secret
+    # The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
+    redirectUrl: https://argo/oauth2/callback
 
 # Influences the creation of the ConfigMap for the workflow-controller itself.
 useDefaultArtifactRepo: false