Skip to content

Commit

Permalink
adding defined rbac roles for argo-events-sa (#43)
Browse files Browse the repository at this point in the history
  • Loading branch information
@magaldima
magaldima committed Jul 10, 2018
1 parent 8fde9ce commit 309f61f
Show file tree
Hide file tree
Showing 6 changed files with 37 additions and 44 deletions.
5 changes: 3 additions & 2 deletions controller/trigger.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package controller

import (
"fmt"
"strings"

"github.com/nats-io/go-nats"
"k8s.io/apimachinery/pkg/api/errors"
Expand Down Expand Up @@ -84,8 +85,8 @@ func (soc *sOperationCtx) executeTrigger(trigger v1alpha1.Trigger) error {

func sendMessage(message *v1alpha1.Message) error {
payload := []byte(message.Body)
switch message.Stream.Type {
case "NATS":
switch strings.ToLower(message.Stream.Type) {
case "nats":
natsConnection, err := nats.Connect(message.Stream.URL)
if err != nil {
return err
Expand Down
28 changes: 28 additions & 0 deletions hack/k8s/manifests/argo-events-cluster-roles.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argo-events-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-events-cluster-role
subjects:
- kind: ServiceAccount
name: argo-events-sa
# Todo: change this value to the respective namespace for argo-events
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-events-cluster-role
rules:
- apiGroups: ["argoproj.io"]
resources: ["sensors"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["argoproj.io"]
resources: ["workflows"]
verbs: ["create", "delete"]
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
27 changes: 0 additions & 27 deletions hack/k8s/manifests/argo-events-roles.yaml
View file

This file was deleted.

3 changes: 1 addition & 2 deletions hack/k8s/manifests/argo-events-sa.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-events
namespace: default
name: argo-events-sa
12 changes: 1 addition & 11 deletions hack/k8s/manifests/sensor-controller-configmap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: sensor-controller-configmap
namespace: default
data:
config: |
namespace: default
serviceAccount: argo-events
instanceID: axis
executorImage: argoproj/sensor-executor:latest
executorResources:
limits:
cpu: 150m
memory: 100Mi
requests:
cpu: 50m
memory: 50Mi
namespace: default
6 changes: 4 additions & 2 deletions hack/k8s/manifests/sensor-controller-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,15 @@ spec:
labels:
app: sensor-controller
spec:
serviceAccountName: argo-events
serviceAccountName: argo-events-sa
containers:
- name: sensor-controller
image: argoproj/sensor-controller:latest
imagePullPolicy: IfNotPresent
env:
- name: SENSOR_NAMESPACE
value: default
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SENSOR_CONFIG_MAP
value: sensor-controller-configmap

0 comments on commit 309f61f

Please sign in to comment.