Home Explore Help
Register Sign In
eugeniucarvalho
/
traefik
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 98017029fb
Branches Tags
traefik
/
argoworkflow
/
workflow
/
001-workflow-acount.yaml

001-workflow-acount.yaml 854 B
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. apiVersion: v1
    2. 

  2. kind: ServiceAccount
    3. 

  3. metadata:
    4. 

  4.   name: workflow
    5. 

  5. ---
    6. 

  6. apiVersion: rbac.authorization.k8s.io/v1
    7. 

  7. kind: Role
    8. 

  8. metadata:
    9. 

  9.   name: workflow-role
    10. 

  10. rules:
    11. 

  11.   # pod get/watch is used to identify the container IDs of the current pod
    12. 

  12.   # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location)
    13. 

  13.   - apiGroups:
    14. 

  14.       - ""
    15. 

  15.     resources:
    16. 

  16.       - pods
    17. 

  17.     verbs:
    18. 

  18.       - get
    19. 

  19.       - watch
    20. 

  20.       - patch
    21. 

  21.   # logs get/watch are used to get the pods logs for script outputs, and for log archival
    22. 

  22.   - apiGroups:
    23. 

  23.       - ""
    24. 

  24.     resources:
    25. 

  25.       - pods/log
    26. 

  26.     verbs:
    27. 

  27.       - get
    28. 

  28.       - watch
    29. 

  29. ---
    30. 

  30. apiVersion: rbac.authorization.k8s.io/v1
    31. 

  31. kind: RoleBinding
    32. 

  32. metadata:
    33. 

  33.   name: workflow-binding
    34. 

  34. roleRef:
    35. 

  35.   apiGroup: rbac.authorization.k8s.io
    36. 

  36.   kind: Role
    37. 

  37.   name: workflow-role
    38. 

  38. subjects:
    39. 

  39.   - kind: ServiceAccount
    40. 

  40.     name: workflow
    41.