-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: implement argo-events (JIRA:PUC-193)
- Loading branch information
Showing
9 changed files
with
429 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
# This role was sourced from the argo-workflows installation manifest, and is included to provide the neccessary RBAC | ||
# configuration for a namespaced argo-workflows/events install. Typically this role would be created within the | ||
# argo-workflows namespace, however since this installation is configured to use the argo-events namespace, this role | ||
# will need to be created here. | ||
# | ||
# https://github.com/argoproj/argo-workflows/blob/main/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
annotations: | ||
name: argo-role | ||
namespace: argo-events | ||
rules: | ||
- apiGroups: | ||
- coordination.k8s.io | ||
resources: | ||
- leases | ||
verbs: | ||
- create | ||
- get | ||
- update | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
- pods/exec | ||
verbs: | ||
- create | ||
- get | ||
- list | ||
- watch | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- persistentvolumeclaims | ||
- persistentvolumeclaims/finalizers | ||
verbs: | ||
- create | ||
- update | ||
- delete | ||
- get | ||
- apiGroups: | ||
- argoproj.io | ||
resources: | ||
- workflows | ||
- workflows/finalizers | ||
- workflowtasksets | ||
- workflowtasksets/finalizers | ||
- workflowartifactgctasks | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- update | ||
- patch | ||
- delete | ||
- create | ||
- apiGroups: | ||
- argoproj.io | ||
resources: | ||
- workflowtemplates | ||
- workflowtemplates/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- argoproj.io | ||
resources: | ||
- workflowtaskresults | ||
verbs: | ||
- list | ||
- watch | ||
- deletecollection | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- serviceaccounts | ||
verbs: | ||
- get | ||
- list | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- secrets | ||
verbs: | ||
- get | ||
- apiGroups: | ||
- argoproj.io | ||
resources: | ||
- cronworkflows | ||
- cronworkflows/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- update | ||
- patch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- events | ||
verbs: | ||
- create | ||
- patch | ||
- apiGroups: | ||
- policy | ||
resources: | ||
- poddisruptionbudgets | ||
verbs: | ||
- create | ||
- get | ||
- delete | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: argo-role-binding | ||
namespace: argo-events | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: argo-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: argo | ||
namespace: argo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
# This role was sourced from the argo-workflows installation manifest, and is included to provide the neccessary RBAC | ||
# configuration for a namespaced argo-workflows/events install. Typically this role would be created within the | ||
# argo-workflows namespace, however since this installation is configured to use the argo-events namespace, this role | ||
# will need to be created here. | ||
# | ||
# https://github.com/argoproj/argo-workflows/blob/main/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml | ||
|
||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
annotations: | ||
name: argo-server-role | ||
namespace: argo-events | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- watch | ||
- list | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- secrets | ||
verbs: | ||
- get | ||
- create | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
- pods/exec | ||
- pods/log | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- delete | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- events | ||
verbs: | ||
- watch | ||
- create | ||
- patch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- serviceaccounts | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- argoproj.io | ||
resources: | ||
- eventsources | ||
- sensors | ||
- workflows | ||
- workfloweventbindings | ||
- workflowtemplates | ||
- cronworkflows | ||
- cronworkflows/finalizers | ||
verbs: | ||
- create | ||
- get | ||
- list | ||
- watch | ||
- update | ||
- patch | ||
- delete | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: argo-server-role-binding | ||
namespace: argo-events | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: argo-server-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: argo-server | ||
namespace: argo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: default-role | ||
namespace: argo-events | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
verbs: | ||
- patch | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: default-binding | ||
namespace: argo-events | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: default-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: default |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: EventBus | ||
metadata: | ||
name: default | ||
spec: | ||
nats: | ||
native: | ||
# Optional, defaults to 3. If it is < 3, set it to 3, that is the minimal requirement. | ||
replicas: 3 | ||
# Optional, authen strategy, "none" or "token", defaults to "none" | ||
auth: token | ||
# containerTemplate: | ||
# resources: | ||
# requests: | ||
# cpu: "10m" | ||
# metricsContainerTemplate: | ||
# resources: | ||
# requests: | ||
# cpu: "10m" | ||
# antiAffinity: false | ||
# persistence: | ||
# storageClassName: standard | ||
# accessMode: ReadWriteOnce | ||
# volumeSize: 10Gi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# This ServiceAccount and Role are used by the EventSensor to trigger Workflows. This Role is distinct and | ||
# separate from the Role Workflows use to make calls to the kubernetes API. | ||
# | ||
# https://github.com/argoproj/argo-events/blob/master/examples/rbac/sensor-rbac.yaml | ||
|
||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: operate-workflow-sa | ||
--- | ||
# Similarly you can use a ClusterRole and ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: operate-workflow-role | ||
rules: | ||
- apiGroups: | ||
- argoproj.io | ||
verbs: | ||
- "*" | ||
resources: | ||
- workflows | ||
- workflowtemplates | ||
- cronworkflows | ||
- clusterworkflowtemplates | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: operate-workflow-role-binding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: operate-workflow-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: operate-workflow-sa |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--- | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: EventSource | ||
metadata: | ||
name: nautobot-webhook | ||
spec: | ||
service: | ||
ports: | ||
- name: insecure | ||
port: 12000 | ||
targetPort: 12000 | ||
webhook: | ||
nautobot: | ||
endpoint: /nautobot | ||
method: POST | ||
port: "12000" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Sensor | ||
metadata: | ||
name: nautobot-webhook | ||
spec: | ||
template: | ||
serviceAccountName: operate-workflow-sa | ||
dependencies: | ||
- name: nautobot-dep | ||
eventSourceName: nautobot-webhook # must match EventSource name | ||
eventName: nautobot # must match event name defined in EventSource | ||
triggers: | ||
- template: | ||
name: nautobot-workflow-trigger | ||
k8s: | ||
operation: create | ||
source: | ||
resource: | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Workflow | ||
metadata: | ||
generateName: nautobot-webhook- | ||
spec: | ||
serviceAccountName: workflow | ||
entrypoint: whalesay | ||
arguments: | ||
parameters: | ||
- name: message | ||
# the value will get overridden by event payload from test-dep | ||
value: hello world | ||
templates: | ||
- name: whalesay | ||
inputs: | ||
parameters: | ||
- name: message | ||
container: | ||
image: docker/whalesay:latest | ||
command: [cowsay] | ||
args: ["{{inputs.parameters.message}}"] | ||
parameters: | ||
- src: | ||
dependencyName: nautobot-dep | ||
dataKey: body | ||
dest: spec.arguments.parameters.0.value |
Oops, something went wrong.