From c16c2be5f767d34d428d5626c66fc0684150db37 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Sun, 27 Aug 2023 13:24:12 +0200
Subject: Enable persistence for workflows
---
 .../tyilnet/cicd-system/argo-events/rbac.yaml | 97 --------------------
 .../cicd-system/argo-workflows/helm-chart.yaml | 15 +++-
 .../manifests.d/tyilnet/cicd-system/rbac.yaml | 100 +++++++++++++++++++++
 .../resources/sensors/project-bashtard.yaml | 2 +-
 .../workflow-templates/project-bashtard.yaml | 2 -
 5 files changed, 115 insertions(+), 101 deletions(-)
 delete mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
 create mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
deleted file mode 100644
index a646f66..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: argo-events-webhook
- namespace: cicd-system
-automountServiceAccountToken: true
-...
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: argo-events-webhook
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- verbs:
- - get
- - list
-- apiGroups:
- - argoproj.io
- resources:
- - eventbus
- - eventsources
- - sensors
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - argoproj.io
- resources:
- - workflows
- verbs:
- - get
- - list
- - create
- - update
- - patch
- - watch
-...
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: argo-events-webhook
- namespace: cicd-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: argo-events-webhook
-subjects:
-- kind: ServiceAccount
- name: argo-events-webhook
- namespace: cicd-system
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
index 8597cdd..b7a7400 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
@@ -21,10 +21,23 @@ spec:
 name: garage-creds-argo
 key: secretKey
 controller:
+ persistence:
+ archive: true
+ postgresql:
+ host: 10.57.101.20
+ port: 5432
+ database: argo
+ tableName: argo_workflows
+ userNameSecret:
+ name: postgresql-creds-argo
+ key: username
+ passwordSecret:
+ name: postgresql-creds-argo
+ key: password
 workflowDefaults:
 spec:
 entrypoint: main
- serviceAccountName: "argo-workflow"
+ serviceAccountName: "argo-runner"
 ttlStrategy:
 secondsAfterCompletion: 300
 podGC:
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
new file mode 100644
index 0000000..e3b48c6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
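Review bot: The new `controller.persistence.postgresql` block in argo-workflows/helm-chart.yaml sets neither `ssl` nor `sslMode`, so as far as this hunk shows nothing requires the connection to `10.57.101.20:5432` to be encrypted. The `postgresql-creds-argo` username and password, and every archived workflow record, would then cross the network in clear text; the address does not look like an in-cluster service address, though the page does not confirm that. If the server offers TLS, add `ssl: true` and `sslMode: require` next to `tableName`, moving to a certificate-verifying mode once the CA is available to the controller. `archive: true` is also enabled without an `archiveTTL`, so archived workflows and their parameters stay in the table until someone prunes it; an explicit retention (for example `archiveTTL: 180d`) would bound that.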
@@ -0,0 +1,100 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+automountServiceAccountToken: true
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - persistentvolumeclaims
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventbus
+ - eventsources
+ - sensors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-runner
+subjects:
+- kind: ServiceAccount
+ name: argo-runner
+ namespace: cicd-system
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
index 4f83959..8e77b3a 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
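Review bot: The `argo-runner` Role in the new cicd-system/rbac.yaml grants one identity get/list/create/update/delete/patch/watch on `secrets`, `pods` and `persistentvolumeclaims`, and this commit makes that same ServiceAccount both the Sensor's account (the `serviceAccountName` hunk in sensors/project-bashtard.yaml) and the default `workflowDefaults.spec.serviceAccountName` for every workflow. With `automountServiceAccountToken: true`, any workflow step, including CI code checked out from a repository, therefore holds a token that can read and rewrite every Secret in `cicd-system`, which presumably includes `postgresql-creds-argo` if it lives there. Split the two roles as sketched below: a Sensor account that may only `create` `workflows`, and a workflow-pod account limited to what the executor needs. The `validatingwebhookconfigurations` and `clusterroles` rules name cluster-scoped resources, which a namespaced Role cannot grant, so they can simply be dropped. The executor rule shown depends on the Argo Workflows version, which the page does not state, and `pods`/`persistentvolumeclaims` verbs should return only if a template really manipulates those objects itself.

```yaml
# Sensor identity: only submits Workflows (the name is a placeholder)
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argo-sensor
  namespace: cicd-system
rules:
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  verbs:
  - create
...
---
# Workflow-pod identity: executor reporting only, no access to Secrets
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argo-runner
  namespace: cicd-system
rules:
- apiGroups:
  - argoproj.io
  resources:
  - workflowtaskresults  # confirm against the deployed Argo Workflows version
  verbs:
  - create
  - patch
...
# … unchanged: ServiceAccount and RoleBinding documents, one pair per Role …
```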
@@ -6,7 +6,7 @@ metadata:
 namespace: cicd-system
 spec:
 template:
- serviceAccountName: argo-events-webhook
+ serviceAccountName: argo-runner
 dependencies:
 - name: webhook
 eventSourceName: webhook
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
index b59e5b7..0642028 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
@@ -5,8 +5,6 @@ metadata:
 name: project-bashtard
 namespace: cicd-system
 spec:
- podGC:
- deleteDelayDuration: 1h
 arguments:
 parameters:
 - name: ref
--
cgit v1.1