From 77f5a157a3f897696357d52efe32dd8c23a8926c Mon Sep 17 00:00:00 2001
From: Daisuke Taniwaki <daisuketaniwaki@gmail.com>
Date: Sun, 25 Aug 2019 01:44:53 +0900
Subject: [PATCH 1/2] Add workflow template permissions to namespaced
 deployment manifests

---
 manifests/namespace-install.yaml                         | 9 +++++++++
 .../workflow-controller-role.yaml                        | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index 0d16a7dfc245..df00db917d3f 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -82,6 +82,15 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtemplates
+  - workflowtemplates/finalizers
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
diff --git a/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml b/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml
index 016cba426a0d..2772ed5fcc87 100644
--- a/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml
+++ b/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml
@@ -43,6 +43,15 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtemplates
+  - workflowtemplates/finalizers
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

From 1b773f31df76d408306176a7d0c611ed2cac25b3 Mon Sep 17 00:00:00 2001
From: Daisuke Taniwaki <daisuketaniwaki@gmail.com>
Date: Sun, 25 Aug 2019 02:16:00 +0900
Subject: [PATCH 2/2] Use filtered shared informer factory for namespaced
 deployment

---
 workflow/controller/controller.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/workflow/controller/controller.go b/workflow/controller/controller.go
index d37627329452..bc051ad47876 100644
--- a/workflow/controller/controller.go
+++ b/workflow/controller/controller.go
@@ -148,9 +148,7 @@ func (wfc *WorkflowController) Run(ctx context.Context, wfWorkers, podWorkers in
 	}
 
 	wfc.wfInformer = util.NewWorkflowInformer(wfc.restConfig, wfc.Config.Namespace, workflowResyncPeriod, wfc.tweakWorkflowlist)
-
-	informerFactory := wfextv.NewSharedInformerFactory(wfc.wfclientset, workflowTemplateResyncPeriod)
-	wfc.wftmplInformer = informerFactory.Argoproj().V1alpha1().WorkflowTemplates()
+	wfc.wftmplInformer = wfc.newWorkflowTemplateInformer()
 
 	wfc.addWorkflowInformerHandler()
 	wfc.podInformer = wfc.newPodInformer()
@@ -508,6 +506,16 @@ func (wfc *WorkflowController) newPodInformer() cache.SharedIndexInformer {
 	return informer
 }
 
+func (wfc *WorkflowController) newWorkflowTemplateInformer() wfextvv1alpha1.WorkflowTemplateInformer {
+	var informerFactory wfextv.SharedInformerFactory
+	if wfc.Config.Namespace != "" {
+		informerFactory = wfextv.NewFilteredSharedInformerFactory(wfc.wfclientset, workflowTemplateResyncPeriod, wfc.Config.Namespace, func(opts *metav1.ListOptions) {})
+	} else {
+		informerFactory = wfextv.NewSharedInformerFactory(wfc.wfclientset, workflowTemplateResyncPeriod)
+	}
+	return informerFactory.Argoproj().V1alpha1().WorkflowTemplates()
+}
+
 func (wfc *WorkflowController) createPersistenceContext() (*sqldb.WorkflowDBContext, error) {
 
 	var wfDBCtx sqldb.WorkflowDBContext