core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Integrating argo

Browse Source
This commit is contained in:
plm
2025-01-16 13:11:31 +01:00
parent c66de05c57
commit f6fa0e22d2
48 changed files with 6182 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
opencloud/templates/argo.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if index .Values "argo-workflows" "enabled" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-workflow
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: custom-argo-clusterrole
rules:
# Default Argo permissions
- apiGroups: [""]
resources: ["configmaps", "pods", "pods/log", "secrets", "persistentvolumeclaims", "serviceaccounts"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["argoproj.io"]
resources: ["workflows", "workflowtemplates", "cronworkflows", "workflowtasksets", "workfloweventbindings", "clusterworkflowtemplates"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "delete", "get", "list", "update"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create", "delete", "get", "list", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "get"]
# Full power activated
- apiGroups: [""]
resources: ["bindings", "endpoints", "events", "limitranges", "namespaces", "nodes", "persistentvolumes", "replicationcontrollers", "resourcequotas"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["apps"]
resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["batch"]
resources: ["cronjobs"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies", "ingresses"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "volumeattachments"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["argoproj.io"]
resources: ["workflowtaskresults"]
verbs: ["create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: custom-argo-clusterrolebinding
subjects:
- kind: ServiceAccount
name: argo-workflow
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: custom-argo-clusterrole
---
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
name: hello-world
namespace: {{ .Release.Namespace }}
spec:
entrypoint: whalesay
templates:
- name: whalesay
container:
image: docker/whalesay
command: [ cowsay ]
args: [ "hello world" ]
{{- end }}

8
opencloud/templates/hydra.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "mongo-express" "enabled" }}
{{- if index .Values "hydra" "enabled" }}
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@@ -8,11 +8,11 @@ spec:
- web
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/auth`)
match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-mongo-express
name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}
passHostHeader: true
port: 8081
port: 4444
{{- end }}