add executor binding

nolte · Jan 24, 2024 · ceaabdd · ceaabdd
1 parent e8df484
commit ceaabdd
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 3 deletions.
diff --git a/charts/stable/argo-workflow-mixin/Chart.yaml b/charts/stable/argo-workflow-mixin/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 1.16.0
-description: A Helm chart for Kubernetes
+description: Generate Argo Workflow Additional Manifest 
 name: argo-workflow-mixin
 type: application
-version: 0.8.3
+version: 0.8.4
diff --git a/charts/stable/argo-workflow-mixin/templates/_helpers.tpl b/charts/stable/argo-workflow-mixin/templates/_helpers.tpl
@@ -93,3 +93,7 @@ Create the name of the Role to use
 {{- define "argo-workflows-execution.roleK8SStateName" -}}
 {{- printf "%s-%s" (default (include "argo-workflows-execution.fullname" .) .Values.role.vaultInjector.name) "state" | trunc 63 | trimSuffix "-" }}
 {{- end }}
+
+{{- define "argo-workflows-execution.roleExecutorName" -}}
+{{- printf "%s-%s" (default (include "argo-workflows-execution.fullname" .) .Values.role.executor.name) "executor" | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/charts/stable/argo-workflow-mixin/templates/executor-binding.yaml b/charts/stable/argo-workflow-mixin/templates/executor-binding.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.roleBinding.executor.create }}
+kind: {{ include "argo-workflows-execution.roleBindingKind" . }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "argo-workflows-execution.roleExecutorName" . }}
+  {{- if eq .Values.roleBinding.type "Role" }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "argo-workflows-execution.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-workflows-execution.serviceAccountName" . }}
+  apiGroup: ""
+roleRef:
+  {{- if eq .Values.role.type "ClusterRole" }}
+  kind: ClusterRole
+  {{- else }}
+  kind: Role
+  {{- end }}
+  name: {{ include "argo-workflows-execution.roleExecutorName" . }}
+  apiGroup: ""
+{{- end }}
diff --git a/charts/stable/argo-workflow-mixin/templates/executor-role.yaml b/charts/stable/argo-workflow-mixin/templates/executor-role.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.role.executor.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "argo-workflows-execution.roleKind" . }}
+metadata:
+  name: {{ include "argo-workflows-execution.roleExecutorName" . }}
+  {{- if eq .Values.role.type "Role" }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "argo-workflows-execution.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtaskresults
+    verbs:
+      - create
+      - patch
+{{- end }}
diff --git a/charts/stable/argo-workflow-mixin/values-example.yaml b/charts/stable/argo-workflow-mixin/values-example.yaml
@@ -16,13 +16,17 @@ role:
   vaultInjector:
     create: true
     name: argo-workflows-execution
-
+  executor:
+    create: true
+
 roleBinding:
   tfState:
     create: true
   type: Role
   vaultInjector:
     create: false
+  executor:
+    create: true
 
 serviceAccount:
   annotations: {}

diff --git a/charts/stable/argo-workflow-mixin/values.yaml b/charts/stable/argo-workflow-mixin/values.yaml
@@ -23,13 +23,19 @@ role:
   vaultInjector:
     create: false
     name: argo-workflows-execution
+  executor:
+    create: false
+    name: argo-workflows-execution
+
 
 roleBinding:
   tfState:
     create: false
   type: Role
   vaultInjector:
     create: false
+  executor:
+    create: false
 
 serviceAccount:
   annotations: {}