Skip to content

Commit e20cb28

Browse files
paguosjessesuen
authored andcommitted
Grant get secret role to controller to support persistence (argoproj#1615)
1 parent 644946e commit e20cb28

File tree

6 files changed

+64
-1
lines changed

6 files changed

+64
-1
lines changed

docs/workflow-controller-configmap.yaml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -122,3 +122,36 @@ data:
122122
enabled: true
123123
path: /telemetry
124124
port: 8080
125+
126+
# enable persistence using postgres
127+
persistence:
128+
connectionPool:
129+
maxIdleConns: 100
130+
maxOpenConns: 0
131+
# save the entire workflow into etcd and DB
132+
nodeStatusOffLoad: false
133+
postgresql:
134+
host: localhost
135+
port: 5432
136+
database: postgres
137+
tableName: argo_workflows
138+
# the database secrets must be in the same namespace of the controller
139+
userNameSecret:
140+
name: argo-postgres-config
141+
key: username
142+
passwordSecret:
143+
name: argo-postgres-config
144+
key: password
145+
146+
# Optional config for mysql:
147+
# mysql:
148+
# host: localhost
149+
# port: 3306
150+
# database: argo
151+
# tableName: argo_workflows
152+
# userNameSecret:
153+
# name: argo-mysql-config
154+
# key: username
155+
# passwordSecret:
156+
# name: argo-mysql-config
157+
# key: password

manifests/cluster-install/workflow-controller-rbac/kustomization.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,5 @@ resources:
55
- workflow-aggregate-roles.yaml
66
- workflow-controller-clusterrole.yaml
77
- workflow-controller-clusterrolebinding.yaml
8+
- workflow-controller-role.yaml
9+
- workflow-controller-rolebinding.yaml

manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,4 +58,4 @@ rules:
5858
- serviceaccounts
5959
verbs:
6060
- get
61-
- list
61+
- list
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: Role
3+
metadata:
4+
name: argo-role
5+
rules:
6+
- apiGroups:
7+
- ""
8+
resources:
9+
- secrets
10+
verbs:
11+
- get
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: RoleBinding
3+
metadata:
4+
name: argo-binding
5+
roleRef:
6+
apiGroup: rbac.authorization.k8s.io
7+
kind: Role
8+
name: argo-role
9+
subjects:
10+
- kind: ServiceAccount
11+
name: argo

manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,3 +59,9 @@ rules:
5959
verbs:
6060
- get
6161
- list
62+
- apiGroups:
63+
- ""
64+
resources:
65+
- secrets
66+
verbs:
67+
- get

0 commit comments

Comments
 (0)