From f517d37cf1459825bcaaa1d6878d58db4a978031 Mon Sep 17 00:00:00 2001 From: Alex Lokshin Date: Thu, 7 Nov 2024 09:58:42 -0500 Subject: [PATCH 1/2] feat: Argo workflows RBAC chart --- argo-workflows-rbac/Chart.yaml | 9 +++++++++ argo-workflows-rbac/README.md | 6 ++++++ argo-workflows-rbac/templates/rbac.yaml | 17 +++++++++++++++++ argo-workflows-rbac/values.schema.json | 7 +++++++ argo-workflows-rbac/values.yaml | 0 5 files changed, 39 insertions(+) create mode 100644 argo-workflows-rbac/Chart.yaml create mode 100644 argo-workflows-rbac/README.md create mode 100644 argo-workflows-rbac/templates/rbac.yaml create mode 100644 argo-workflows-rbac/values.schema.json create mode 100644 argo-workflows-rbac/values.yaml diff --git a/argo-workflows-rbac/Chart.yaml b/argo-workflows-rbac/Chart.yaml new file mode 100644 index 0000000..23930ff --- /dev/null +++ b/argo-workflows-rbac/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: argo-workflows-rbac +description: A Helm chart for creating an Argo Workflows rbac resources to allow access to workflow templates. + +type: application + +version: 0.0.1 + +appVersion: "0.0.1" diff --git a/argo-workflows-rbac/README.md b/argo-workflows-rbac/README.md new file mode 100644 index 0000000..5e77047 --- /dev/null +++ b/argo-workflows-rbac/README.md @@ -0,0 +1,6 @@ +# Argo Workflows RBAC helm chart + +A Helm chart for creating an Argo Workflows rbac resources to allow access to workflow templates. + +## Parameters + diff --git a/argo-workflows-rbac/templates/rbac.yaml b/argo-workflows-rbac/templates/rbac.yaml new file mode 100644 index 0000000..2ebffc0 --- /dev/null +++ b/argo-workflows-rbac/templates/rbac.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: czi-argo-workflows-server-cluster-template +rules: +- apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete \ No newline at end of file diff --git a/argo-workflows-rbac/values.schema.json b/argo-workflows-rbac/values.schema.json new file mode 100644 index 0000000..8fa189b --- /dev/null +++ b/argo-workflows-rbac/values.schema.json @@ -0,0 +1,7 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + + } +} \ No newline at end of file diff --git a/argo-workflows-rbac/values.yaml b/argo-workflows-rbac/values.yaml new file mode 100644 index 0000000..e69de29 From 136576e973e2704b7af14be7d73977c25648eef2 Mon Sep 17 00:00:00 2001 From: Alex Lokshin Date: Thu, 7 Nov 2024 10:09:27 -0500 Subject: [PATCH 2/2] bump --- argo-workflows-rbac/templates/rbac.yaml | 15 ++------- argo-workflows-rbac/values.schema.json | 41 ++++++++++++++++++++++++- argo-workflows-rbac/values.yaml | 19 ++++++++++++ 3 files changed, 61 insertions(+), 14 deletions(-) diff --git a/argo-workflows-rbac/templates/rbac.yaml b/argo-workflows-rbac/templates/rbac.yaml index 2ebffc0..47f3438 100644 --- a/argo-workflows-rbac/templates/rbac.yaml +++ b/argo-workflows-rbac/templates/rbac.yaml @@ -1,17 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: czi-argo-workflows-server-cluster-template + name: {{ .Values.clusterRole.name }} rules: -- apiGroups: - - argoproj.io - resources: - - clusterworkflowtemplates - verbs: - - get - - list - - watch - - create - - update - - patch - - delete \ No newline at end of file +{{ toYaml .Values.clusterRole.rules | indent 2 }} \ No newline at end of file diff --git a/argo-workflows-rbac/values.schema.json b/argo-workflows-rbac/values.schema.json index 8fa189b..6ed452e 100644 --- a/argo-workflows-rbac/values.schema.json +++ b/argo-workflows-rbac/values.schema.json @@ -2,6 +2,45 @@ "title": "Chart Values", "type": "object", "properties": { - + "clusterRole": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Cluster Role name to create", + "default": "czi-argo-workflows-server-cluster-template" + }, + "rules": { + "type": "array", + "description": "ApiGroups API groups to apply the rules to", + "items": { + "type": "object", + "properties": { + "apiGroups": { + "type": "array", + "description": "ApiGroups API groups to apply the rules to", + "items": { + "type": "string" + } + }, + "resources": { + "type": "array", + "description": "Resources to apply the rules to", + "items": { + "type": "string" + } + }, + "verbs": { + "type": "array", + "description": "Verbs to apply the rules to", + "items": { + "type": "string" + } + } + } + } + } + } + } } } \ No newline at end of file diff --git a/argo-workflows-rbac/values.yaml b/argo-workflows-rbac/values.yaml index e69de29..57278ab 100644 --- a/argo-workflows-rbac/values.yaml +++ b/argo-workflows-rbac/values.yaml @@ -0,0 +1,19 @@ +clusterRole: +## @param clusterRole.name Cluster Role name to create + name: czi-argo-workflows-server-cluster-template + rules: +## @param clusterRole.rules[0].apiGroups ApiGroups API groups to apply the rules to + - apiGroups: + - argoproj.io +## @param clusterRole.rules[0].resources Resources to apply the rules to + resources: + - clusterworkflowtemplates +## @param clusterRole.rules[0].verbs Verbs to apply the rules to + verbs: + - get + - list + - watch + - create + - update + - patch + - delete \ No newline at end of file