diff --git a/k8s-peterg/argo-workflows/values.yaml b/k8s-peterg/argo-workflows/values.yaml index 4924f79..93e9be8 100644 --- a/k8s-peterg/argo-workflows/values.yaml +++ b/k8s-peterg/argo-workflows/values.yaml @@ -46,22 +46,6 @@ workflow: rules: [] controller: - image: - # -- Registry to use for the controller - registry: quay.io - # -- Registry to use for the controller - repository: argoproj/workflow-controller - # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`. - tag: "" - # -- parallelism dictates how many workflows can be running at the same time - parallelism: - # -- Globally limits the rate at which pods are created. - # This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of - # parallel nodes. - resourceRateLimit: {} - # limit: 10 - # burst: 1 - rbac: # -- Adds Role and RoleBinding for the controller. create: true @@ -80,68 +64,6 @@ controller: # -- ConfigMap annotations annotations: {} - # -- Limits the maximum number of incomplete workflows in a namespace - namespaceParallelism: - # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 - initialDelay: - # -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment - deploymentAnnotations: {} - # -- podAnnotations is an optional map of annotations to be applied to the controller Pods - podAnnotations: {} - # -- Optional labels to add to the controller pods - podLabels: {} - # -- SecurityContext to set on the controller pods - podSecurityContext: {} - # podPortName: http - metricsConfig: - # -- Enables prometheus metrics server - enabled: false - # -- Path is the path where metrics are emitted. Must start with a "/". - path: /metrics - # -- Frequency at which prometheus scrapes metrics - interval: 30s - # -- Port is the port where metrics are emitted - port: 9090 - # -- How often custom metrics are cleared from memory - metricsTTL: "" - # -- Flag that instructs prometheus to ignore metric emission errors. - ignoreErrors: false - # -- Flag that use a self-signed cert for TLS - secure: false - # -- Container metrics port name - portName: metrics - # -- Service metrics port - servicePort: 8080 - # -- Service metrics port name - servicePortName: metrics - # -- serviceMonitor scheme - scheme: http - # -- Flag to enable headless service - headlessService: false - # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels - honorLabels: false - # -- ServiceMonitor relabel configs to apply to samples before scraping - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - relabelings: [] - # -- ServiceMonitor metric relabel configs to apply to samples before ingestion - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint - metricRelabelings: [] - # -- ServiceMonitor will add labels from the service to the Prometheus metric - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec - targetLabels: [] - # -- Manipulate the metrics created by the workflow controller - ## Ref: https://argo-workflows.readthedocs.io/en/latest/metrics/#modifiers - modifiers: {} - - # -- the controller container's securityContext - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ persistence: {} @@ -192,51 +114,6 @@ controller: # configMap: my-artifact-repository # default is "artifact-repositories" # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. - # -- Number of workflow workers - workflowWorkers: # 32 - # -- Number of workflow TTL workers - workflowTTLWorkers: # 4 - # -- Number of pod cleanup workers - podCleanupWorkers: # 4 - # -- Number of cron workflow workers - # Only valid for 3.5+ - cronWorkflowWorkers: # 8 - # -- Restricts the Workflows that the controller will process. - # Only valid for 2.9+ - workflowRestrictions: {} - # templateReferencing: Strict|Secure - - # telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint - # as metrics by default, but can be overridden using this config. - telemetryConfig: - # -- Enables prometheus telemetry server - enabled: false - # -- telemetry path - path: /telemetry - # -- Frequency at which prometheus scrapes telemetry data - interval: 30s - # -- telemetry container port - port: 8081 - # -- How often custom metrics are cleared from memory - metricsTTL: "" - # -- Flag that instructs prometheus to ignore metric emission errors. - ignoreErrors: false - # -- Flag that use a self-signed cert for TLS - secure: false - # -- telemetry service port - servicePort: 8081 - # -- telemetry service port name - servicePortName: telemetry - # -- telemetry serviceMonitor scheme to use - scheme: http - serviceMonitor: - # -- Enable a prometheus ServiceMonitor - enabled: false - # -- Prometheus ServiceMonitor labels - additionalLabels: {} - # -- Prometheus ServiceMonitor namespace - namespace: "" # "monitoring" - serviceAccount: # -- Create a service account for the controller create: true @@ -256,20 +133,6 @@ controller: workflowNamespaces: - default - instanceID: - # -- Configures the controller to filter workflow submissions - # to only those which have a matching instanceID attribute. - ## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` - ## or `instanceID.explicitID` must be defined. - enabled: false - # -- Use ReleaseName as instanceID - useReleaseName: false - # useReleaseName: true - - # -- Use a custom instanceID - explicitID: "" - # explicitID: unique-argo-controller-identifier - logging: # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) level: info @@ -278,209 +141,6 @@ controller: # -- Set the logging format (one of: `text`, `json`) format: "text" - # -- Service type of the controller Service - serviceType: ClusterIP - # -- Annotations to be applied to the controller Service - serviceAnnotations: {} - # -- Optional labels to add to the controller Service - serviceLabels: {} - # -- The class of the load balancer implementation - loadBalancerClass: "" - # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` - loadBalancerSourceRanges: [] - - # -- Resource limits and requests for the controller - resources: {} - - # -- Configure liveness [probe] for the controller - # @default -- See [values.yaml] - livenessProbe: - httpGet: - port: 6060 - path: /healthz - failureThreshold: 3 - initialDelaySeconds: 90 - periodSeconds: 60 - timeoutSeconds: 30 - - # -- Extra environment variables to provide to the controller container - extraEnv: [] - # - name: FOO - # value: "bar" - - # -- Extra arguments to be added to the controller - extraArgs: [] - # -- Additional volume mounts to the controller main container - volumeMounts: [] - # -- Additional volumes to the controller pod - volumes: [] - # -- The number of controller pods to run - replicas: 1 - # -- The number of revisions to keep. - revisionHistoryLimit: 10 - - pdb: - # -- Configure [Pod Disruption Budget] for the controller pods - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - - # -- [Node selector] - nodeSelector: - kubernetes.io/os: linux - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules - affinity: {} - - # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Leverage a PriorityClass to ensure your pods survive resource shortages. - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - priorityClassName: "" - - # -- Configure Argo Server to show custom [links] - ## Ref: https://argo-workflows.readthedocs.io/en/stable/links/ - links: [] - # -- Configure Argo Server to show custom [columns] - ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 - columns: [] - # -- Set ui navigation bar background color - navColor: "" - clusterWorkflowTemplates: - # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. - enabled: true - # -- Extra service accounts to be added to the ClusterRoleBinding - serviceAccounts: [] - # - name: my-service-account - # namespace: my-namespace - # -- Extra containers to be added to the controller deployment - extraContainers: [] - - # -- Enables init containers to be added to the controller deployment - extraInitContainers: [] - - # -- Workflow retention by number of workflows - retentionPolicy: {} - # completed: 10 - # failed: 3 - # errored: 3 - - nodeEvents: - # -- Enable to emit events on node completion. - ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events: - ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" - enabled: true - - workflowEvents: - # -- Enable to emit events on workflow status changes. - ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events: - ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" - enabled: true - - # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, - # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. - # @default -- `{}` (See [values.yaml]) - kubeConfig: {} - # # name of the kubeconfig secret, may not be empty when kubeConfig specified - # secretName: kubeconfig-secret - # # key of the kubeconfig secret, may not be empty when kubeConfig specified - # secretKey: kubeconfig - # # mounting path of the kubeconfig secret, default to /kube/config - # mountPath: /kubeconfig/mount/path - # # volume name when mounting the secret, default to kubeconfig - # volumeName: kube-config-volume - - # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. - # @default -- `30` seconds (Kubernetes default) - podGCGracePeriodSeconds: - - # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. - # @default -- `5s` (Argo Workflows default) - podGCDeleteDelayDuration: "" - - # -- enable Synchronization to use a database. Postgres and MySQL (>= 5.7.8) are available. - ## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-controller-configmap/#syncconfig - synchronization: {} - # controllerName: argo-workflows - # connectionPool: - # maxIdleConns: 100 - # maxOpenConns: 0 - # postgresql: - # host: localhost - # port: 5432 - # database: postgres - # tableName: argo_workflows - # # the database secrets must be in the same namespace of the controller - # userNameSecret: - # name: argo-postgres-config - # key: username - # passwordSecret: - # name: argo-postgres-config - # key: password - # ssl: true - # # sslMode must be one of: disable, require, verify-ca, verify-full - # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq - # sslMode: require - # mysql: - # host: localhost - # port: 3306 - # database: argo - # tableName: argo_workflows - # userNameSecret: - # name: argo-mysql-config - # key: username - # passwordSecret: - # name: argo-mysql-config - # key: password - - failedPodRestart: - # -- Enable to restart of pods that fail before entering Running state. - ## This is useful for recovering from transient infrastructure issues like node eviction due to DiskPressure or MemoryPressure without requiring a retryStrategy on every template. - ## ref: https://argo-workflows.readthedocs.io/en/latest/pod-restarts/ - enabled: false - # -- Maximum number of automatic restarts per node before giving up. - maxRestarts: 3 - -# mainContainer adds default config for main container that could be overriden in workflows template -mainContainer: - # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. - imagePullPolicy: "" - # -- Resource limits and requests for the Workflow main container - resources: {} - # -- Adds environment variables for the Workflow main container - env: [] - # -- Adds reference environment variables for the Workflow main container - envFrom: [] - # -- sets security context for the Workflow main container - securityContext: {} - -# executor controls how the init and wait container should be customized -executor: - image: - # -- Registry to use for the Workflow Executors - registry: quay.io - # -- Repository to use for the Workflow Executors - repository: argoproj/argoexec - # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`. - tag: "" - # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. - pullPolicy: "" - # -- Resource limits and requests for the Workflow Executors - resources: {} - # -- Passes arguments to the executor processes - args: [] - # -- Adds environment variables for the executor. - env: [] - # -- sets security context for the executor container - securityContext: {} - server: # -- Deploy the Argo Server enabled: true @@ -496,44 +156,10 @@ server: repository: argoproj/argocli # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. tag: "" - # -- optional map of annotations to be applied to the ui Deployment - deploymentAnnotations: {} - # -- optional map of annotations to be applied to the ui Pods - podAnnotations: {} - # -- Optional labels to add to the UI pods - podLabels: {} - # -- SecurityContext to set on the server pods - podSecurityContext: {} rbac: # -- Adds Role and RoleBinding for the server. create: true # -- Servers container-level security context - securityContext: - readOnlyRootFilesystem: false - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - # -- Server name string - name: server - # -- Service type for server pods - serviceType: ClusterIP - # -- Service port for server - servicePort: 2746 - # -- Service target port for server - serviceTargetPort: 2746 - # -- Service node port - serviceNodePort: # 32746 - # -- Service port name - servicePortName: "" # http - - # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files - hostAliases: [] - # - ip: 10.20.30.40 - # hostnames: - # - git.myhostname - serviceAccount: # -- Create a service account for the server create: true @@ -544,192 +170,16 @@ server: # -- Annotations applied to created service account annotations: {} - # -- Annotations to be applied to the UI Service - serviceAnnotations: {} - # -- Optional labels to add to the UI Service - serviceLabels: {} - # -- The class of the load balancer implementation - loadBalancerClass: "" - # -- Static IP address to assign to loadBalancer service type `LoadBalancer` - loadBalancerIP: "" - # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` - loadBalancerSourceRanges: [] - # -- Resource limits and requests for the server - resources: {} - # -- The number of server pods to run - replicas: 1 - # -- The number of revisions to keep. - revisionHistoryLimit: 10 - ## Argo Server Horizontal Pod Autoscaler - autoscaling: - # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server - enabled: false - # -- Minimum number of replicas for the Argo Server [HPA] - minReplicas: 1 - # -- Maximum number of replicas for the Argo Server [HPA] - maxReplicas: 5 - # -- Average CPU utilization percentage for the Argo Server [HPA] - targetCPUUtilizationPercentage: 50 - # -- Average memory utilization percentage for the Argo Server [HPA] - targetMemoryUtilizationPercentage: 50 - # -- Configures the scaling behavior of the target in both Up and Down directions. - # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer - behavior: {} - # scaleDown: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 1 - # periodSeconds: 180 - # scaleUp: - # stabilizationWindowSeconds: 300 - # policies: - # - type: Pods - # value: 2 - pdb: - # -- Configure [Pod Disruption Budget] for the server pods - enabled: false - # minAvailable: 1 - # maxUnavailable: 1 - - # -- [Node selector] - nodeSelector: - kubernetes.io/os: linux - - # -- [Tolerations] for use with node taints - tolerations: [] - - # -- Assign custom [affinity] rules - affinity: {} - - # -- Assign custom [TopologySpreadConstraints] rules to the argo server - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Leverage a PriorityClass to ensure your pods survive resource shortages - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - priorityClassName: "" - - # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. - ## See the following documentation for more details on secure mode: - ## https://argo-workflows.readthedocs.io/en/stable/tls/ - secure: false - - # -- Extra environment variables to provide to the argo-server container - extraEnv: [] - # - name: FOO - # value: "bar" - - # -- Deprecated; use server.authModes instead. - authMode: "" - # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ authModes: - sso - # -- Extra arguments to provide to the Argo server binary. - ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options - extraArgs: [] - - logging: - # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) - level: info - # -- Set the glog logging level - globallevel: "0" - # -- Set the logging format (one of: `text`, `json`) - format: "text" - - # -- Volume to be mounted in Pods for temporary files. - tmpVolume: - emptyDir: {} - # -- Additional volume mounts to the server main container. - volumeMounts: [] - # -- Additional volumes to the server pod. - volumes: [] - ## Ingress configuration. # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- Enable an ingress resource enabled: false - # -- Additional ingress annotations - annotations: {} - # -- Additional ingress labels - labels: {} - # -- Defines which ingress controller will implement the resource - ingressClassName: "" - - # -- List of ingress hosts - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argoworkflows.example.com - - # -- List of ingress paths - paths: - - / - - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration - tls: [] - # - secretName: argoworkflows-example-tls - # hosts: - # - argoworkflows.example.com - - ## Create a Google Backendconfig for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters - GKEbackendConfig: - # -- Enable BackendConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [BackendConfigSpec] - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argoworkflows-secret - - ## Create a Google Managed Certificate for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs - GKEmanagedCertificate: - # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. - enabled: false - # -- Domains for the Google Managed Certificate - domains: - - argoworkflows.example.com - - ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters - GKEfrontendConfig: - # -- Enable FrontConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [FrontendConfigSpec] - spec: {} - # spec: - # redirectToHttps: - # enabled: true - # responseCodeName: RESPONSE_CODE # Gateway API HTTPRoute configuration # NOTE: Gateway API support is in EXPERIMENTAL status @@ -820,39 +270,6 @@ server: rbac: enabled: true - # -- Extra containers to be added to the server deployment - extraContainers: [] - - # -- Enables init containers to be added to the server deployment - extraInitContainers: [] - - # -- Specify postStart and preStop lifecycle hooks for server container - lifecycle: {} - - # -- terminationGracePeriodSeconds for container lifecycle hook - terminationGracePeriodSeconds: 30 - - ## livenessProbe for server - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - # -- Enable Kubernetes liveness probe for server - enabled: false - httpGet: - # -- Http port to use for the liveness probe - port: 2746 - # -- Http path to use for the liveness probe - path: / - # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded - failureThreshold: 3 - # -- Number of seconds after the container has started before [probe] is initiated - initialDelaySeconds: 10 - # -- How often (in seconds) to perform the [probe] - periodSeconds: 10 - # -- Number of seconds after which the [probe] times out - timeoutSeconds: 1 - # -- Minimum consecutive successes for the [probe] to be considered successful after having failed - successThreshold: 1 - # -- Array of extra K8s manifests to deploy extraObjects: - apiVersion: v1 @@ -885,142 +302,25 @@ extraObjects: workflows.argoproj.io/rbac-rule: "true" workflows.argoproj.io/rbac-rule-precedence: "0" -# -- Use static credentials for S3 (eg. when not using AWS IRSA) -useStaticCredentials: true -artifactRepository: - # -- Archive the main container logs as an artifact - archiveLogs: false - # -- Store artifact in a S3-compliant object store - # @default -- See [values.yaml] - s3: {} - # # Note the `key` attribute is not the actual secret, it's the PATH to - # # the contents in the associated secret, as defined by the `name` attribute. - # accessKeySecret: - # name: "{{ .Release.Name }}-minio" - # key: accesskey - # secretKeySecret: - # name: "{{ .Release.Name }}-minio" - # key: secretkey - # sessionTokenSecret: - # name: "{{ .Release.Name }}-minio" - # key: sessionToken - # # insecure will disable TLS. Primarily used for minio installs not configured with TLS - # insecure: false - # caSecret: - # name: ca-root - # key: cert.pem - # bucket: - # endpoint: - # region: - # roleARN: - # useSDKCreds: true - # encryptionOptions: - # enableEncryption: true - # -- Store artifact in a GCS object store - # @default -- `{}` (See [values.yaml]) - gcs: {} - # bucket: -argo - # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" - # # serviceAccountKeySecret is a secret selector. - # # It references the k8s secret named 'my-gcs-credentials'. - # # This secret is expected to have the key 'serviceAccountKey', - # # containing the base64 encoded credentials - # # to the bucket. - # # - # # If it's running on GKE and Workload Identity is used, - # # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - # -- Store artifact in Azure Blob Storage - # @default -- `{}` (See [values.yaml]) - azure: {} - # endpoint: https://mystorageaccountname.blob.core.windows.net - # container: my-container-name - # blobNameFormat: path/in/container - # # accountKeySecret is a secret selector. - # # It references the k8s secret named 'my-azure-storage-credentials'. - # # This secret is expected to have the key 'account-access-key', - # # containing the base64 encoded credentials to the storage account. - # # If a managed identity has been assigned to the machines running the - # # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) - # # then accountKeySecret is not needed, and useSDKCreds should be - # # set to true instead: - # useSDKCreds: true - # accountKeySecret: - # name: my-azure-storage-credentials - # key: account-access-key - -# -- The section of custom artifact repository. -# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) -customArtifactRepository: {} -# artifactory: -# repoUrl: https://artifactory.example.com/raw -# usernameSecret: -# name: artifactory-creds -# key: username -# passwordSecret: -# name: artifactory-creds -# key: password - -# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). -# Each map key is the name of configmap -# @default -- `{}` (See [values.yaml]) -artifactRepositoryRef: {} - # # -- 1st ConfigMap - # # If you want to use this config map by default, name it "artifact-repositories". - # # Otherwise, you can provide a reference to a - # # different config map in `artifactRepositoryRef.configMap`. - # artifact-repositories: - # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. - # annotations: - # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository - # # 1st data of configmap. See above artifactRepository or customArtifactRepository. - # default-v1-s3-artifact-repository: - # archiveLogs: false - # s3: - # bucket: my-bucket - # endpoint: minio:9000 - # insecure: true - # accessKeySecret: - # name: my-minio-cred - # key: accesskey - # secretKeySecret: - # name: my-minio-cred - # key: secretkey - # # 2nd data - # oss-artifact-repository: - # archiveLogs: false - # oss: - # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com - # bucket: $mybucket - # # accessKeySecret and secretKeySecret are secret selectors. - # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. - # # This secret is expected to have the keys 'accessKey' - # # and 'secretKey', containing the base64 encoded credentials - # # to the bucket. - # accessKeySecret: - # name: $mybucket-credentials - # key: accessKey - # secretKeySecret: - # name: $mybucket-credentials - # key: secretKey - # # 2nd ConfigMap - # another-artifact-repositories: - # annotations: - # workflows.argoproj.io/default-artifact-repository: gcs - # gcs: - # bucket: my-bucket - # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey - -emissary: - # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. - ## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary - images: [] - # argoproj/argosay:v2: - # cmd: [/argosay] - # docker/whalesay:latest: - # cmd: [/bin/bash] + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: argo-admin-user + subjects: + - kind: ServiceAccount + name: admin-user + roleRef: + kind: ClusterRole + name: argo-admin + apiGroup: rbac.authorization.k8s.io + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: argo-read-only + subjects: + - kind: ServiceAccount + name: read-only + roleRef: + kind: ClusterRole + name: argo-view + apiGroup: rbac.authorization.k8s.io