DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(argo-rbac): Fix Argocd Role and Rolebinding for missing VS group (#2)

Browse source
This commit is contained in:
Brandon J 2022-05-19 12:40:24 -06:00 committed by GitHub
parent bf82441ac3
commit d4376407a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 226 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

224
charts/argo-cd/templates/argocd-application-controller/coreweave-role.yaml Normal file
View file

@ -0,0 +1,224 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-full-access
rules:
- apiGroups:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- pods
- pods/log
- pods/portforward
- pods/exec
- pods/attach
- configmaps
- endpoints
- events
- limitranges
- persistentvolumeclaims
- persistentvolumeclaims/finalizers
- podtemplates
- replicationcontrollers
- secrets
- services
- controllerrevisions
- deployments
- deployments/status
- replicasets
- statefulsets
- applications
- ingresses
- ingresses/status
- networkpolicies
- poddisruptionbudgets
- serviceaccounts
- deployments/scale
- statefulsets/scale
verbs:
- '*'
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- '*'
- apiGroups:
- virtualservers.coreweave.com
resources:
- virtualservers
verbs:
- '*'
- apiGroups:
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- applications
- appprojects
- workflowtaskresults
- workflowtasksets
- workflowtasksets/finalizers
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- list
- get
- watch
- create
- patch
- bind
- delete
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- serving.kubeflow.org
resources:
- inferenceservices
verbs:
- '*'
- apiGroups:
- serving.knative.dev
resources:
- services
- revisions
verbs:
- '*'
- apiGroups:
- autoscaling.internal.knative.dev
resources:
- podautoscalers
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- virtualservices
verbs:
- list
- get
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
- apiGroups:
- batch
- extensions
resources:
- jobs
- jobs/status
- cronjobs
verbs:
- '*'
- apiGroups:
- ""
resources:
- resourcequotas
- limitranges
verbs:
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- list
- watch
- patch
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- tlsoptions
- tlsstores
- traefikservices
verbs:
- '*'
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
- datavolumes/source
verbs:
- '*'
- apiGroups:
- keda.sh
resources:
- scaledobjects
- scaledjobs
- triggerauthentications
verbs:
- '*'
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
- certificaterequests
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- list
- get
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- '*'
- apiGroups:
- sps.tensorworks.com.au
resources:
- spsapps
- spsapps/status
- scalablepixelstreamingversions
- scalablepixelstreamingversions/status
- scalablepixelstreamingapplications/status
- scalablepixelstreamingapplications
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- mpijobs
- tfjobs
- mxjobs
- pytorchjobs
- xgboostjobs
- mpijobs/status
- tfjobs/status
- pytorchjobs/status
- mxjobs/status
- xgboostjobs/status
verbs:
- '*'

4
charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml
View file

@ -6,8 +6,8 @@ metadata:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: Role
name: cloud-app-user-full-access name: argocd-full-access
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }} name: {{ template "argo-cd.controllerServiceAccountName" . }}