fix: Sec correct rbac resources

2026-04-06 17:58:28 +02:00 · 2026-04-06 17:58:28 +02:00 · 7e16a3c5a0
commit 7e16a3c5a0
parent 4bfb8be326
1 changed files with 3 additions and 16 deletions
--- a/k8s-peterg/argo-workflows/values.yaml
+++ b/k8s-peterg/argo-workflows/values.yaml
@ -275,28 +275,15 @@ extraObjects:
    kind: ServiceAccount
    metadata:
      name: admin-user
+      namespace: argocd-workflows
      annotations:
-        # The rule is an expression used to determine if this service account
-        # should be used.
-        # * `groups` - an array of the OIDC groups
-        # * `iss` - the issuer ("argo-server")
-        # * `sub` - the subject (typically the username)
-        # Must evaluate to a boolean.
-        # If you want an account to be the default to use, this rule can be "true".
-        # Details of the expression language are available in
-        # https://expr-lang.org/docs/language-definition.
-        workflows.argoproj.io/rbac-rule: "'admin' in groups"
-        # The precedence is used to determine which service account to use when
-        # Precedence is an integer. It may be negative. If omitted, it defaults to "0".
-        # Numerically higher values have higher precedence (not lower, which maybe
-        # counter-intuitive to you).
-        # If two rules match and have the same precedence, then which one used will
-        # be arbitrary.
+        workflows.argoproj.io/rbac-rule: "'ArgoCD Admins' in groups"
        workflows.argoproj.io/rbac-rule-precedence: "1"
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: read-only
+      namespace: argocd-workflows
      annotations:
        workflows.argoproj.io/rbac-rule: "true"
        workflows.argoproj.io/rbac-rule-precedence: "0"