Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: argo-workflows and argo-events deployments (JIRA:PUC-193) #20

Merged
merged 2 commits into from
Mar 20, 2024
Merged

feat: argo-workflows and argo-events deployments (JIRA:PUC-193) #20

merged 2 commits into from
Mar 20, 2024

Conversation

andrrax
Copy link
Contributor

@andrrax andrrax commented Mar 7, 2024

This creates basic argo-workflow and argo-events deployments

  • deploys argo-workflows in namespaced mode
  • argo-workflows controller monitors argo-events namespace
  • does not configure auth for argo-workflows
  • creates a single EventSource for a webhook event on POSTs to /nautobot
  • creates a single Sensor with dependency on the event described above which defines a single hello-world Workflow trigger

@andrrax andrrax changed the title argo-workflows and argo-events deployments feat: argo-workflows and argo-events deployments Mar 7, 2024
@andrrax andrrax changed the title feat: argo-workflows and argo-events deployments feat: argo-workflows and argo-events deployments (JIRA:PUC-193) Mar 7, 2024
@andrrax andrrax requested a review from cardoe March 7, 2024 17:14
@andrrax andrrax mentioned this pull request Mar 7, 2024
Closed
@andrrax andrrax force-pushed the PUC-193_argo-workflow-events branch from a27d7e9 to c5fd6ff Compare March 7, 2024 22:04
@cardoe
Copy link
Contributor

cardoe commented Mar 11, 2024

So just playing with workflows some I think these RBACs are big and maybe not correct?

Look at this role from the docs https://github.com/argoproj/argo-workflows/blob/main/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml which should be enough for an event to trigger a workflow. They use it in the example docs.

As far as auth goes, if we're wanting to expose the workflow view we should follow https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ and create accounts in keystone which dex will serve up.

@andrrax
Copy link
Contributor Author

andrrax commented Mar 11, 2024
edited
Loading

Look at this role from the docs https://github.com/argoproj/argo-workflows/blob/main/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml which should be enough for an event to trigger a workflow. They use it in the example docs.

I agree, I'll revisit the RBAC roles. That said, some of the RBAC role permissions were set to provide the argo-workflows UI access to view/create Workflows and WorkflowTemplates. Additionally, because argo-workflows is configured in a namespaced scope, ClusterRoles were used to provide permissions to the clusterworkflowtemplates cluster resource to the argo-server service account within the argo namespace. I think we'll likely want to make a decision on the workflow UI and if we want to run argo-workflows in namespaced or cluster scope so we can be precise with the RBAC perms.

@andrrax andrrax force-pushed the PUC-193_argo-workflow-events branch 4 times, most recently from 9258230 to 4cf0eaf Compare March 18, 2024 20:09
@andrrax andrrax force-pushed the PUC-193_argo-workflow-events branch from 4cf0eaf to 25d7d56 Compare March 18, 2024 20:11
@andrrax andrrax force-pushed the PUC-193_argo-workflow-events branch from 25d7d56 to 9d3c2ba Compare March 18, 2024 20:16
@andrrax andrrax requested a review from cardoe March 18, 2024 21:23
@andrrax
Copy link
Contributor Author

andrrax commented Mar 19, 2024

I have review the RBAC configuration, and updated the RBAC roles with additional context. Ultimately I feel this configuration is sound and necessary when running both argo-workflows/events in a managed namespace setup.

mfencik
mfencik approved these changes Mar 19, 2024
View reviewed changes
Copy link
Contributor

@mfencik mfencik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since dex will be implemented in another PR, i'm approving this so we can move forward

@skrobul skrobul mentioned this pull request Mar 20, 2024
Merged
@andrrax andrrax merged commit 83e3023 into main Mar 20, 2024
5 checks passed
@andrrax andrrax deleted the PUC-193_argo-workflow-events branch March 20, 2024 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skrobul skrobul skrobul left review comments

@mfencik mfencik mfencik approved these changes

@cardoe cardoe Awaiting requested review from cardoe

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrrax @cardoe @skrobul @mfencik