fix(argo-workflows): Add rbac rules for SSO

k8s-peterg/argo-workflows/values.yaml

@@ -311,3 +311,34 @@ extraObjects:
       kind: ClusterRole
       name: argo-workflows-view
       apiGroup: rbac.authorization.k8s.io
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: argo-workflows-server-sso
+      namespace: argo-workflows
+    rules:
+      - apiGroups:
+          - ""
+        resources:
+          - serviceaccounts
+        verbs:
+          - get
+      - apiGroups:
+          - ""
+        resources:
+          - serviceaccounts/token
+        verbs:
+          - create
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: argo-workflows-server-sso
+      namespace: argo-workflows
+    subjects:
+      - kind: ServiceAccount
+        name: argo-workflows-server
+        namespace: argo-workflows
+    roleRef:
+      kind: Role
+      name: argo-workflows-server-sso
+      apiGroup: rbac.authorization.k8s.io