From 28b5b7d39ffe35254d247b9d9ad54d44623a1c9b Mon Sep 17 00:00:00 2001 From: mr Date: Thu, 19 Mar 2026 08:18:18 +0100 Subject: [PATCH] Provisionning Ns + TearDown Ns --- tools/kubernetes.go | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tools/kubernetes.go b/tools/kubernetes.go index 703d8fd..6c40f67 100644 --- a/tools/kubernetes.go +++ b/tools/kubernetes.go @@ -208,6 +208,43 @@ func (k *KubernetesService) CreateRoleBinding(ctx context.Context, ns string, ro return nil } +// ProvisionExecutionNamespace creates the full Argo execution environment for a +// namespace: namespace, service-account, role and role-binding. Idempotent — if +// the namespace already exists the call is a no-op. +func (k *KubernetesService) ProvisionExecutionNamespace(ctx context.Context, ns string) error { + existing, err := k.GetNamespace(ctx, ns) + if err != nil { + return err + } + if existing != nil { + return nil + } + if err := k.CreateNamespace(ctx, ns); err != nil { + return err + } + if err := k.CreateServiceAccount(ctx, ns); err != nil { + return err + } + role := "argo-role" + if err := k.CreateRole(ctx, ns, role, + [][]string{{"coordination.k8s.io"}, {""}, {""}}, + [][]string{{"leases"}, {"secrets"}, {"pods"}}, + [][]string{{"get", "create", "update"}, {"get"}, {"patch"}}, + ); err != nil { + return err + } + return k.CreateRoleBinding(ctx, ns, "argo-role-binding", role) +} + +// TeardownExecutionNamespace deletes the namespace and lets Kubernetes cascade +// the deletion of all contained resources (SA, Role, RoleBinding, pods…). +func (k *KubernetesService) TeardownExecutionNamespace(ctx context.Context, ns string) error { + if err := k.Set.CoreV1().Namespaces().Delete(ctx, ns, metav1.DeleteOptions{}); err != nil { + return errors.New("error deleting namespace " + ns + ": " + err.Error()) + } + return nil +} + func (k *KubernetesService) DeleteNamespace(ctx context.Context, ns string, f func()) error { targetGVR := schema.GroupVersionResource{ Group: "multicluster.admiralty.io",