From 537840bc3cf4bf8820a6ae502f3b2209dcbca0da Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Fri, 15 May 2026 14:53:30 +0200
Subject: [PATCH] fix(argo-workflows): Add rbac rules for SSO

---
 k8s-peterg/argo-workflows/values.yaml | 31 +++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/k8s-peterg/argo-workflows/values.yaml b/k8s-peterg/argo-workflows/values.yaml
index 26b8dcf..2459293 100644
--- a/k8s-peterg/argo-workflows/values.yaml
+++ b/k8s-peterg/argo-workflows/values.yaml
@@ -311,3 +311,34 @@ extraObjects:
       kind: ClusterRole
       name: argo-workflows-view
       apiGroup: rbac.authorization.k8s.io
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: argo-workflows-server-sso
+      namespace: argo-workflows
+    rules:
+      - apiGroups:
+          - ""
+        resources:
+          - serviceaccounts
+        verbs:
+          - get
+      - apiGroups:
+          - ""
+        resources:
+          - serviceaccounts/token
+        verbs:
+          - create
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: argo-workflows-server-sso
+      namespace: argo-workflows
+    subjects:
+      - kind: ServiceAccount
+        name: argo-workflows-server
+        namespace: argo-workflows
+    roleRef:
+      kind: Role
+      name: argo-workflows-server-sso
+      apiGroup: rbac.authorization.k8s.io