DevFW-CICD/argocd-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
argocd-helm/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
g-linville 7a06415d83
feat(argo-workflows): add value to avoid creating RBAC related to ClusterWorkflowTemplates (#657) 
* Argo Workflows: avoid creating ClusterRoles and CRBs if singleNamespace is true

Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>

* Argo Workflows: bumped chart version

Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>

* Argo: remove clusterworkflowtemplates from WorkflowController role

Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>

* feat(argo-workflows): add value to disable creation of RBAC relating to ClusterWorkflowTemplates

Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>

* Bumped chart version

Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>
2021-05-25 08:06:31 +02:00

51 lines
1.7 KiB
YAML
Raw Blame History

apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ template "argo-workflows.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.workflowNamespaces }}
{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }}
{{- $namespace := .Release.Namespace }}
{{- range $key := .Values.controller.workflowNamespaces }}
{{- if not (eq $key $namespace) }}
- kind: ServiceAccount
name: {{ $uiServiceAccount }}
namespace: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
Reference in a new issue View git blame Copy permalink