diff --git a/manifests/base/00a_argo-namespace.yaml b/manifests/base/00a_argo-namespace.yaml new file mode 100644 index 000000000000..325701dce38a --- /dev/null +++ b/manifests/base/00a_argo-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: argo diff --git a/manifests/cluster-install/kustomization.yaml b/manifests/cluster-install/kustomization.yaml index d6d5c37b94a0..83190d225217 100644 --- a/manifests/cluster-install/kustomization.yaml +++ b/manifests/cluster-install/kustomization.yaml @@ -1,6 +1,7 @@ namespace: argo resources: +- ../base/00a_argo-namespace.yaml - ../base/01a_workflow-crd.yaml - ../base/01b_workflow-aggregate-roles.yaml - ../base/02a_workflow-controller-sa.yaml diff --git a/manifests/install.yaml b/manifests/install.yaml index 0c802d582237..f3c1b483b345 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -1,4 +1,9 @@ # This is an auto-generated file. DO NOT EDIT +apiVersion: v1 +kind: Namespace +metadata: + name: argo +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 9029aa9f4df0..3203af841d8b 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -1,4 +1,9 @@ # This is an auto-generated file. DO NOT EDIT +apiVersion: v1 +kind: Namespace +metadata: + name: argo +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -27,6 +32,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argo-role + namespace: argo rules: - apiGroups: - "" @@ -41,14 +47,6 @@ rules: - update - patch - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list - apiGroups: - "" resources: @@ -73,6 +71,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argo-ui-role + namespace: argo rules: - apiGroups: - "" @@ -100,9 +99,24 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-cm-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argo-binding + namespace: argo roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -110,11 +124,13 @@ roleRef: subjects: - kind: ServiceAccount name: argo + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argo-ui-binding + namespace: argo roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -122,6 +138,19 @@ roleRef: subjects: - kind: ServiceAccount name: argo-ui + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-cm-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-cm-role +subjects: +- kind: ServiceAccount + name: argo --- apiVersion: v1 data: @@ -158,14 +187,13 @@ spec: containers: - env: - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + value: argo - name: IN_CLUSTER value: "true" - name: ENABLE_WEB_CONSOLE value: "false" + - name: FORCE_NAMESPACE_ISOLATION + value: "true" - name: BASE_HREF value: / image: argoproj/argoui:v2.2.1 diff --git a/manifests/namespace-install/02b_workflow-controller-role.yaml b/manifests/namespace-install/02b_workflow-controller-role.yaml index f74a581ed3bb..0552e395164b 100644 --- a/manifests/namespace-install/02b_workflow-controller-role.yaml +++ b/manifests/namespace-install/02b_workflow-controller-role.yaml @@ -1,7 +1,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + name: argo-cm-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: name: argo-role + namespace: argo rules: - apiGroups: - "" @@ -16,14 +31,6 @@ rules: - update - patch - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list - apiGroups: - "" resources: diff --git a/manifests/namespace-install/02c_workflow-controller-rolebinding.yaml b/manifests/namespace-install/02c_workflow-controller-rolebinding.yaml index 0484f455b84b..b2e3547aad4d 100644 --- a/manifests/namespace-install/02c_workflow-controller-rolebinding.yaml +++ b/manifests/namespace-install/02c_workflow-controller-rolebinding.yaml @@ -1,7 +1,20 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + name: argo-cm-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-cm-role +subjects: +- kind: ServiceAccount + name: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: name: argo-binding + namespace: argo roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -9,3 +22,4 @@ roleRef: subjects: - kind: ServiceAccount name: argo + namespace: default diff --git a/manifests/namespace-install/03b_argo-ui-role.yaml b/manifests/namespace-install/03b_argo-ui-role.yaml index 334d108db6e4..666402c25cae 100644 --- a/manifests/namespace-install/03b_argo-ui-role.yaml +++ b/manifests/namespace-install/03b_argo-ui-role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argo-ui-role + namespace: argo rules: - apiGroups: - "" diff --git a/manifests/namespace-install/03c_argo-ui-rolebinding.yaml b/manifests/namespace-install/03c_argo-ui-rolebinding.yaml index 560c5f6610e3..4ad2da2962c2 100644 --- a/manifests/namespace-install/03c_argo-ui-rolebinding.yaml +++ b/manifests/namespace-install/03c_argo-ui-rolebinding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argo-ui-binding + namespace: argo roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -9,3 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: argo-ui + namespace: default diff --git a/manifests/namespace-install/03d_argo-ui-deployment.yaml b/manifests/namespace-install/03d_argo-ui-deployment.yaml new file mode 100644 index 000000000000..96eac80bc259 --- /dev/null +++ b/manifests/namespace-install/03d_argo-ui-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: argo-ui +spec: + selector: + matchLabels: + app: argo-ui + template: + metadata: + labels: + app: argo-ui + spec: + serviceAccountName: argo-ui + containers: + - name: argo-ui + image: argoproj/argoui:v2.2.1 + env: + - name: ARGO_NAMESPACE + value: "argo" + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: FORCE_NAMESPACE_ISOLATION + value: "true" + - name: BASE_HREF + value: / diff --git a/manifests/namespace-install/kustomization.yaml b/manifests/namespace-install/kustomization.yaml index 9b33fa715a44..bec443b98c72 100644 --- a/manifests/namespace-install/kustomization.yaml +++ b/manifests/namespace-install/kustomization.yaml @@ -1,4 +1,5 @@ resources: +- ../base/00a_argo-namespace.yaml - ../base/01a_workflow-crd.yaml - ../base/02a_workflow-controller-sa.yaml - ./02b_workflow-controller-role.yaml @@ -8,5 +9,5 @@ resources: - ../base/03a_argo-ui-sa.yaml - ./03b_argo-ui-role.yaml - ./03c_argo-ui-rolebinding.yaml -- ../base/03d_argo-ui-deployment.yaml +- ./03d_argo-ui-deployment.yaml - ../base/03e_argo-ui-service.yaml