02dcd41ec1
* feat(argo-workflows): allow additional rules for service account that runs the workflows Signed-off-by: fuyuan.chu <fuyuan.chu@airwallex.com> * Update charts/argo-workflows/templates/controller/workflow-role.yaml Co-authored-by: Aikawa <yu.croco@gmail.com> Signed-off-by: awx-fuyuanchu <86345114+awx-fuyuanchu@users.noreply.github.com> --------- Signed-off-by: fuyuan.chu <fuyuan.chu@airwallex.com> Signed-off-by: awx-fuyuanchu <86345114+awx-fuyuanchu@users.noreply.github.com> Co-authored-by: Aikawa <yu.croco@gmail.com>
26 lines
834 B
YAML
26 lines
834 B
YAML
{{- if .Values.workflow.rbac.create -}}
|
|
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ template "argo-workflows.fullname" $ }}-workflow
|
|
labels:
|
|
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
|
|
{{- with $namespace }}
|
|
namespace: {{ . }}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- argoproj.io
|
|
resources:
|
|
- workflowtaskresults
|
|
verbs:
|
|
- create
|
|
- patch
|
|
{{- with $.Values.workflow.rbac.rules }}
|
|
{{- toYaml . | nindent 2 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|