DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into master

Browse source
This commit is contained in:
Niels ten Boom 2021-07-20 22:40:48 +02:00 committed by GitHub
commit cd122b3aec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 50 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CONTRIBUTING.md
View file

@ -55,7 +55,7 @@ annotations:
Minimally: Minimally:
``` ```
helm install charts/argo -n argo helm install charts/argo-workflows -n argo
argo version argo version
``` ```

4
charts/argo-workflows/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.2.8 version: 0.2.10
appVersion: "v3.0.7" appVersion: "v3.0.7"
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
@ -15,4 +15,4 @@ maintainers:
- name: benjaminws - name: benjaminws
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- "[Fixed]: Controller Role/ClusterRole to work with InstanceID" - "[Fixed]: Removed init.serviceAccount unused fields"

2
charts/argo-workflows/README.md
View file

@ -10,7 +10,7 @@ This chart uses an install hook to configure the CRD definition. Installation of
A few options are: A few options are:
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute - Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes ## Usage Notes

19
charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -1,19 +1,20 @@
{{- if .Values.workflow.rbac.create -}} {{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- with .Values.workflow.namespace }} namespace: {{ $namespace }}
namespace: {{ . }}
{{- end }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: {{ template "argo-workflows.fullname" . }}-workflow name: {{ template "argo-workflows.fullname" $ }}-workflow
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }} name: {{ $.Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }} {{- with $namespace }}
namespace: {{ . }} namespace: {{ . }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

40
charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -1,25 +1,29 @@
{{- if .Values.workflow.rbac.create -}} {{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ template "argo-workflows.fullname" . }}-workflow name: {{ template "argo-workflows.fullname" $ }}-workflow
{{- with .Values.workflow.namespace }} {{- with $namespace }}
namespace: {{ . }} namespace: {{ . }}
{{- end }} {{- end }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods - pods
verbs: verbs:
- get - get
- watch - watch
- patch - patch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods/log - pods/log
verbs: verbs:
- get - get
- watch - watch
{{- end }}
{{- end }} {{- end }}

13
charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -1,13 +1,16 @@
{{- if .Values.workflow.serviceAccount.create -}} {{- if .Values.workflow.serviceAccount.create -}}
{{- range $namespace := or .Values.singeNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.workflow.serviceAccount.name }} name: {{ $.Values.workflow.serviceAccount.name }}
{{- with .Values.workflow.namespace }} {{- with $namespace }}
namespace: {{ . }} namespace: {{ . }}
{{- end }} {{- end }}
{{- with .Values.workflow.serviceAccount.annotations }} {{- with $.Values.workflow.serviceAccount.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

13
charts/argo-workflows/values.yaml
View file

@ -5,11 +5,6 @@ images:
pullSecrets: [] pullSecrets: []
# - name: argo-pull-secret # - name: argo-pull-secret
init:
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
serviceAccount: ""
createAggregateRoles: true createAggregateRoles: true
## String to partially override "argo-workflows.fullname" template ## String to partially override "argo-workflows.fullname" template
@ -29,13 +24,15 @@ kubeVersionOverride: ""
singleNamespace: false singleNamespace: false
workflow: workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. namespace: # Deprecated, for backwards compatibility: specify a single namespace to run workflows in
serviceAccount: serviceAccount:
create: false # Specifies whether a service account should be created create: false # Specifies whether a service account should be created
annotations: {} annotations: {}
name: "argo-workflow" # Service account which is used to run workflows name: "argo-workflow" # Service account which is used to run workflows
rbac: rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows # Adds Role and RoleBinding for the above specified service account to be able to run workflows
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true
controller: controller:
image: image:
@ -109,6 +106,8 @@ controller:
# Annotations applied to created service account # Annotations applied to created service account
annotations: {} annotations: {}
name: workflow-controller name: workflow-controller
# Specify all namespaces to run worksflows need to be able to run in. This controls where the service
# account and RBAC resources will be created. If unspecified, will run in the default namespace.
workflowNamespaces: workflowNamespaces:
- default - default
containerRuntimeExecutor: docker containerRuntimeExecutor: docker