| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: workflow
- namespace: argo-events
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: workflow-role
- namespace: argo-events
- rules:
- # pod get/watch is used to identify the container IDs of the current pod
- # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location)
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - watch
- - patch
- # logs get/watch are used to get the pods logs for script outputs, and for log archival
- - apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - watch
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- name: workflow-binding
- namespace: argo-events
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: workflow-role
- subjects:
- - kind: ServiceAccount
- name: workflow
|
