From c16c2be5f767d34d428d5626c66fc0684150db37 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Sun, 27 Aug 2023 13:24:12 +0200
Subject: Enable persistence for workflows
---
.../tyilnet/cicd-system/argo-events/rbac.yaml | 97 --------------------
.../cicd-system/argo-workflows/helm-chart.yaml | 15 +++-
.../manifests.d/tyilnet/cicd-system/rbac.yaml | 100 +++++++++++++++++++++
.../resources/sensors/project-bashtard.yaml | 2 +-
.../workflow-templates/project-bashtard.yaml | 2 -
5 files changed, 115 insertions(+), 101 deletions(-)
delete mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
create mode 100644 data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
deleted file mode 100644
index a646f66..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/rbac.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: argo-events-webhook
- namespace: cicd-system
-automountServiceAccountToken: true
-...
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: argo-events-webhook
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
-- apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- verbs:
- - get
- - list
-- apiGroups:
- - argoproj.io
- resources:
- - eventbus
- - eventsources
- - sensors
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - argoproj.io
- resources:
- - workflows
- verbs:
- - get
- - list
- - create
- - update
- - patch
- - watch
-...
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: argo-events-webhook
- namespace: cicd-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: argo-events-webhook
-subjects:
-- kind: ServiceAccount
- name: argo-events-webhook
- namespace: cicd-system
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
index 8597cdd..b7a7400 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
@@ -21,10 +21,23 @@ spec:
name: garage-creds-argo
key: secretKey
controller:
+ persistence:
+ archive: true
+ postgresql:
+ host: 10.57.101.20
+ port: 5432
+ database: argo
+ tableName: argo_workflows
+ userNameSecret:
+ name: postgresql-creds-argo
+ key: username
+ passwordSecret:
+ name: postgresql-creds-argo
+ key: password
workflowDefaults:
spec:
entrypoint: main
- serviceAccountName: "argo-workflow"
+ serviceAccountName: "argo-runner"
ttlStrategy:
secondsAfterCompletion: 300
podGC:
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
new file mode 100644
index 0000000..e3b48c6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
@@ -0,0 +1,100 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+automountServiceAccountToken: true
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - persistentvolumeclaims
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventbus
+ - eventsources
+ - sensors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-runner
+subjects:
+- kind: ServiceAccount
+ name: argo-runner
+ namespace: cicd-system
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
index 4f83959..8e77b3a 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
@@ -6,7 +6,7 @@ metadata:
namespace: cicd-system
spec:
template:
- serviceAccountName: argo-events-webhook
+ serviceAccountName: argo-runner
dependencies:
- name: webhook
eventSourceName: webhook
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
index b59e5b7..0642028 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
@@ -5,8 +5,6 @@ metadata:
name: project-bashtard
namespace: cicd-system
spec:
- podGC:
- deleteDelayDuration: 1h
arguments:
parameters:
- name: ref
--
cgit v1.1