From 0516109a8a33f116d7a92d20c32ab2aefe086111 Mon Sep 17 00:00:00 2001 From: nicholaskuechler Date: Wed, 19 Jun 2024 11:08:21 -0500 Subject: [PATCH 1/4] feat: Enable argo client auth mode and add service account for argo api usaage --- components/argo-events/argo-api-user.yaml | 44 +++++++++++++++++++ .../patch-server-deployment.yaml | 1 + 2 files changed, 45 insertions(+) create mode 100644 components/argo-events/argo-api-user.yaml diff --git a/components/argo-events/argo-api-user.yaml b/components/argo-events/argo-api-user.yaml new file mode 100644 index 000000000..3c7617a10 --- /dev/null +++ b/components/argo-events/argo-api-user.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argoapi + namespace: argo-events +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - list + - update + - create + - patch +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argoapi + namespace: argo-events +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argoapi + namespace: argo-events +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argoapi +subjects: +- kind: ServiceAccount + name: argoapi + namespace: argo-events +--- +apiVersion: v1 +kind: Secret +metadata: + name: argoapi.service-account-token + annotations: + kubernetes.io/service-account.name: argoapi +type: kubernetes.io/service-account-token diff --git a/components/argo-workflows/patch-server-deployment.yaml b/components/argo-workflows/patch-server-deployment.yaml index 0445528ca..c64cf9552 100644 --- a/components/argo-workflows/patch-server-deployment.yaml +++ b/components/argo-workflows/patch-server-deployment.yaml @@ -4,6 +4,7 @@ value: - server - --auth-mode=sso + - --auth-mode=client - --namespaced - --managed-namespace - argo-events From f7ad5e07ed0c5ce3570b31901dd775dea29b701d Mon Sep 17 00:00:00 2001 From: nicholaskuechler Date: Wed, 19 Jun 2024 11:09:12 -0500 Subject: [PATCH 2/4] feat: Enable argo client auth mode and add service account for argo api usaage --- components/argo-events/kustomization.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/argo-events/kustomization.yaml b/components/argo-events/kustomization.yaml index 4879c23df..e2a1ca722 100644 --- a/components/argo-events/kustomization.yaml +++ b/components/argo-events/kustomization.yaml @@ -22,3 +22,6 @@ resources: - workflow-role.yaml - configmaps.yaml + + # adds argoapi service account user + - argo-api-user.yaml From 32a19739c007c9cff20870da55b607e79363c257 Mon Sep 17 00:00:00 2001 From: nicholaskuechler Date: Wed, 19 Jun 2024 11:37:16 -0500 Subject: [PATCH 3/4] feat: Enable argo client auth mode and add service account for argo api usaage --- components/argo-events/argo-api-user.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/components/argo-events/argo-api-user.yaml b/components/argo-events/argo-api-user.yaml index 3c7617a10..4ad4bd2e7 100644 --- a/components/argo-events/argo-api-user.yaml +++ b/components/argo-events/argo-api-user.yaml @@ -9,6 +9,7 @@ rules: - argoproj.io resources: - workflows + - workflowtemplates verbs: - list - update From 0e9692f9d1de6358e322aa0578e5c6486a2c51b8 Mon Sep 17 00:00:00 2001 From: nicholaskuechler Date: Wed, 19 Jun 2024 11:41:27 -0500 Subject: [PATCH 4/4] feat: Enable argo client auth mode and add service account for argo api usaage --- components/argo-events/argo-api-user.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/components/argo-events/argo-api-user.yaml b/components/argo-events/argo-api-user.yaml index 4ad4bd2e7..56c3bc757 100644 --- a/components/argo-events/argo-api-user.yaml +++ b/components/argo-events/argo-api-user.yaml @@ -9,6 +9,14 @@ rules: - argoproj.io resources: - workflows + verbs: + - list + - update + - create + - patch +- apiGroups: + - argoproj.io + resources: - workflowtemplates verbs: - list