Skip to content
This repository has been archived by the owner on Sep 16, 2024. It is now read-only.

Commit

Permalink
fix: failed to deploy argo workflow
Browse files Browse the repository at this point in the history
Signed-off-by: thxCode <[email protected]>
  • Loading branch information
thxCode committed Apr 24, 2024
1 parent 2a5bc39 commit cde42be
Show file tree
Hide file tree
Showing 2 changed files with 89 additions and 4 deletions.
7 changes: 6 additions & 1 deletion pkg/systemapp/argo_workflows.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ fullnameOverride: "{{ .Release }}"
namespaceOverride: "{{ .Namespace }}"
singleNamespace: true
singleNamespace: false
workflow:
rbac:
Expand All @@ -55,6 +55,11 @@ controller:
registry: "{{ .ImageRegistry }}"
repository: "sealio/mirrored-workflow-controller"
name: "controller"
instanceID:
enabled: true
useReleaseName: true
workflowNamespaces: []
persistence: {}
executor:
image:
Expand Down
86 changes: 83 additions & 3 deletions pkg/systemauthz/kuberes.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"

"github.com/argoproj/argo-workflows/v3/pkg/apis/workflow"
batch "k8s.io/api/batch/v1"
core "k8s.io/api/core/v1"
rbac "k8s.io/api/rbac/v1"
Expand Down Expand Up @@ -182,7 +183,86 @@ func Initialize(ctx context.Context, cli clientset.Interface) error {
rbac.VerbAll,
},
},
// Kaniko need to manage basic Jobs, Secrets, Pods and Pods/Log for kaniko.
// Argo Workflow need to manage:
// - Pods
// - WorkflowTaskResults
// - WorkflowTaskSets(/status)
// - WorkflowArtifactGCTasks(/status)
{
APIGroups: []string{
core.GroupName,
},
Resources: []string{
"pods",
},
Verbs: []string{
"get",
"watch",
"patch",
},
},
{
APIGroups: []string{
core.GroupName,
},
Resources: []string{
"pods/log",
},
Verbs: []string{
"get",
"watch",
},
},
{
APIGroups: []string{
core.GroupName,
},
Resources: []string{
"pods/exec",
},
Verbs: []string{
"create",
},
},
{
APIGroups: []string{
workflow.Group,
},
Resources: []string{
"workflowtaskresults",
},
Verbs: []string{
"create",
"patch",
},
},
{
APIGroups: []string{
workflow.Group,
},
Resources: []string{
"workflowtasksets",
"workflowartifactgctasks",
},
Verbs: []string{
"list",
"watch",
},
},
{
APIGroups: []string{
workflow.Group,
},
Resources: []string{
"workflowtasksets/status",
"workflowartifactgctasks/status",
},
Verbs: []string{
"patch",
},
},
// Kaniko need to manage:
// - basic Jobs, Secrets and Pods(/log).
{
APIGroups: []string{
batch.GroupName,
Expand All @@ -191,7 +271,7 @@ func Initialize(ctx context.Context, cli clientset.Interface) error {
"jobs",
},
Verbs: []string{
rbac.VerbAll,
rbac.VerbAll, // TODO: need to narrow.
},
},
{
Expand All @@ -204,7 +284,7 @@ func Initialize(ctx context.Context, cli clientset.Interface) error {
"pods/log",
},
Verbs: []string{
rbac.VerbAll,
rbac.VerbAll, // TODO: need to narrow.
},
},
},
Expand Down

0 comments on commit cde42be

Please sign in to comment.