Fix manifests for namespace install #1077

Closed
wants to merge 3 commits into from
4 changes: 4 additions & 0 deletions manifests/base/00a_argo-namespace.yaml
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: argo
Member

We shouldn't include namespaces as part of install, since namespaces are not often included in installation manifests. Also, oftentimes namespaces are created for other teams, and users are not allowed a "vanity" namespace.

For example, internally here, we could not use this set of manifests as a kustomize base, since our namespaces are created using a separate namespace provisioning system, using a special convention for the name.

1 change: 1 addition & 0 deletions manifests/cluster-install/kustomization.yaml
@@ -1,6 +1,7 @@
namespace: argo

resources:
- ../base/00a_argo-namespace.yaml
- ../base/01a_workflow-crd.yaml
- ../base/01b_workflow-aggregate-roles.yaml
- ../base/02a_workflow-controller-sa.yaml
5 changes: 5 additions & 0 deletions manifests/install.yaml
@@ -1,4 +1,9 @@
# This is an auto-generated file. DO NOT EDIT
apiVersion: v1
kind: Namespace
metadata:
name: argo
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
52 changes: 40 additions & 12 deletions manifests/namespace-install.yaml
@@ -1,4 +1,9 @@
# This is an auto-generated file. DO NOT EDIT
apiVersion: v1
kind: Namespace
metadata:
name: argo
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -27,6 +32,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-role
namespace: argo
rules:
- apiGroups:
- ""
Expand All @@ -41,14 +47,6 @@ rules:
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
Expand All @@ -73,6 +71,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-ui-role
namespace: argo
rules:
- apiGroups:
- ""
Expand Down Expand Up @@ -100,28 +99,58 @@ rules:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-cm-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-binding
namespace: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role
subjects:
- kind: ServiceAccount
name: argo
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-ui-binding
namespace: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-ui-role
subjects:
- kind: ServiceAccount
name: argo-ui
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-cm-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-cm-role
subjects:
- kind: ServiceAccount
name: argo
---
apiVersion: v1
data:
Expand Down Expand Up @@ -158,14 +187,13 @@ spec:
containers:
- env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
value: argo
- name: IN_CLUSTER
value: "true"
- name: ENABLE_WEB_CONSOLE
value: "false"
- name: FORCE_NAMESPACE_ISOLATION
value: "true"
- name: BASE_HREF
value: /
image: argoproj/argoui:v2.2.1
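Review bot: The ARGO_NAMESPACE entry in this hunk trades the downward-API lookup (valueFrom.fieldRef with fieldPath: metadata.namespace) for the literal value: argo, so the UI no longer follows the namespace its pod actually runs in. Anyone who applies namespace-install.yaml to a different namespace gets a UI configured for argo while its pod and ServiceAccount live elsewhere. Keep the fieldRef and add only the FORCE_NAMESPACE_ISOLATION entry; since this file is marked auto-generated, make the change in the kustomize source and regenerate.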
23 changes: 15 additions & 8 deletions manifests/namespace-install/02b_workflow-controller-role.yaml
@@ -1,7 +1,22 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-cm-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
Member

I don't think we should split the existing argo-role into two roles: argo-cm-role and argo-role. It makes the object management more confusing.

kind: Role
metadata:
name: argo-role
namespace: argo
rules:
- apiGroups:
- ""
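Review bot: The new argo-cm-role at the top of this file has no metadata.namespace, while argo-role below it gains namespace: argo, so the two halves of the split can land in different namespaces when the manifest is applied with a target namespace other than argo. The configmaps rule (get, watch, list) is the same one removed from argo-role in the next hunk, and argo-cm-binding grants it to the same argo ServiceAccount, so the split does not narrow what that account can do. Either leave the rule in argo-role or give both Roles the same namespace handling.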
Expand All @@ -16,14 +31,6 @@ rules:
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
@@ -1,11 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-cm-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-cm-role
subjects:
- kind: ServiceAccount
name: argo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-binding
namespace: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role
subjects:
- kind: ServiceAccount
name: argo
namespace: default
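Review bot: argo-binding is now created in namespace argo but its subject is the argo ServiceAccount in namespace: default, so the update, patch and delete verbs of argo-role are handed to an account outside the namespace this install sets up, and a workload running as the argo ServiceAccount in namespace argo gets nothing from this binding. argo-cm-binding above it sets no namespace on either the binding or the subject, so it resolves against whatever namespace the manifest is applied to, which is a third combination. Make the subject namespace match the namespace the ServiceAccount is created in, or drop the hard-coded namespace fields and let the target namespace apply to all of them; 03c_argo-ui-rolebinding.yaml has the same argo/default mismatch.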
1 change: 1 addition & 0 deletions manifests/namespace-install/03b_argo-ui-role.yaml
Expand Up @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-ui-role
namespace: argo
rules:
- apiGroups:
- ""
2 changes: 2 additions & 0 deletions manifests/namespace-install/03c_argo-ui-rolebinding.yaml
Expand Up @@ -2,10 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-ui-binding
namespace: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-ui-role
subjects:
- kind: ServiceAccount
name: argo-ui
namespace: default
28 changes: 28 additions & 0 deletions manifests/namespace-install/03d_argo-ui-deployment.yaml
@@ -0,0 +1,28 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: argo-ui
spec:
selector:
matchLabels:
app: argo-ui
template:
metadata:
labels:
app: argo-ui
spec:
serviceAccountName: argo-ui
containers:
- name: argo-ui
image: argoproj/argoui:v2.2.1
env:
- name: ARGO_NAMESPACE
value: "argo"
- name: IN_CLUSTER
value: "true"
- name: ENABLE_WEB_CONSOLE
value: "false"
- name: FORCE_NAMESPACE_ISOLATION
value: "true"
- name: BASE_HREF
value: /
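Review bot: This new file restates the whole argo-ui Deployment instead of reusing ../base/03d_argo-ui-deployment.yaml, which the kustomization.yaml change swaps out, and that includes the image pin argoproj/argoui:v2.2.1, so the next image bump has to be made in two places or the namespace install stays on the old UI. The Deployment also sets no metadata.namespace while ARGO_NAMESPACE is fixed to "argo" and the Role and RoleBinding in this PR are pinned to namespace: argo, which leaves the pod's placement to whoever applies the manifest. Keep the base Deployment in resources and express the env changes as a kustomize patch over it.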
3 changes: 2 additions & 1 deletion manifests/namespace-install/kustomization.yaml
@@ -1,4 +1,5 @@
resources:
- ../base/00a_argo-namespace.yaml
- ../base/01a_workflow-crd.yaml
- ../base/02a_workflow-controller-sa.yaml
- ./02b_workflow-controller-role.yaml
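Review bot: Adding ../base/00a_argo-namespace.yaml to the namespace-install resources puts a cluster-scoped object into the install that is meant to stay inside one namespace: whoever applies it now needs permission to create Namespace objects, not just rights within an existing namespace. That comes on top of the member's review comment on 00a_argo-namespace.yaml about externally provisioned namespaces. Drop this entry and document creating the namespace as a separate step.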
Expand All @@ -8,5 +9,5 @@ resources:
- ../base/03a_argo-ui-sa.yaml
- ./03b_argo-ui-role.yaml
- ./03c_argo-ui-rolebinding.yaml
- ../base/03d_argo-ui-deployment.yaml
- ./03d_argo-ui-deployment.yaml
- ../base/03e_argo-ui-service.yaml