DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(argo): Allow setting up ServiceAccount and RBAC resources for running workflows (#402)

Browse source
This commit is contained in:
Markus Lippert 2020-09-08 18:18:26 +02:00 committed by GitHub
parent cc52713dbd
commit cddd6a6048
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 67 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: v2.8.0 appVersion: v2.8.0
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
name: argo name: argo
version: 0.10.2 version: 0.11.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
maintainers: maintainers:

19
charts/argo/templates/workflow-rb.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- end }}

25
charts/argo/templates/workflow-role.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}

13
charts/argo/templates/workflow-sa.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if .Values.workflow.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

9
charts/argo/values.yaml
View file

@ -23,6 +23,15 @@ createAggregateRoles: true
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. # and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false singleNamespace: false
workflow:
namespace: "" # Speficy namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller: controller:
image: image:
# Overrides .images.tag if defined. # Overrides .images.tag if defined.