Merge pull request #151 from shoplineapp/feature/PLAT-875-argo-cronwo…

…rkflow-sa-with-permission Update cronjob for argo workflow upgrade
shoplineapp · May 14, 2024 · 2ab782d · 2ab782d
2 parents 3ca31a5 + 0d11a99
commit 2ab782d
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 4 deletions.
diff --git a/cronjob/Chart.yaml b/cronjob/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 description: Helm chart with simple cronjob template
 name: cronjob
-version: 0.7.5
+version: 0.8.0
 appVersion: 1.0.0
 tillerVersion: ">=2.14.3"
diff --git a/cronjob/templates/_argo_cron_workflow.tpl b/cronjob/templates/_argo_cron_workflow.tpl
@@ -16,7 +16,7 @@
         {{- end }}
     {{- if .Values.serviceaccount }}
     serviceAccountName: {{ .Values.serviceaccount.name | default (printf "%s-pod-service-account" .Values.name) }}
-    {{- else if .Values.serviceAccount }}
+    {{- else }}
     serviceAccountName: {{ .Values.name }}-pod-service-account
     {{- end }}
     {{- with .Values.nodeSelector }}

diff --git a/cronjob/templates/role.yaml b/cronjob/templates/role.yaml
@@ -0,0 +1,16 @@
+{{- /* If kind = "CronWorkflow", Role for argo workflow will be created */}}
+{{- if and (.Values.kind ) (eq .Values.kind "CronWorkflow") }}
+# Following Role needed for argo workflow 3.5
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: wf-role-{{ .Values.name }}-executor
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtaskresults
+    verbs:
+      - create
+      - patch
+{{- end }}
diff --git a/cronjob/templates/rolebinding.yaml b/cronjob/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- /* If kind = "CronWorkflow", RoleBinding for argo workflow will be created */}}
+{{- if and (.Values.kind ) (eq .Values.kind "CronWorkflow") }}
+# Following RoleBinding needed for argo workflow 3.5
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: wf-role-binding-{{ .Values.name }}-executor
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: wf-role-{{ .Values.name }}-executor
+subjects:
+- kind: ServiceAccount
+  {{- if .Values.serviceaccount }}
+  name: {{ .Values.serviceaccount.name | default (printf "%s-pod-service-account" .Values.name) }}
+  {{- else }}
+  name: {{ .Values.name }}-pod-service-account
+  {{- end }}
+{{- end }}
diff --git a/cronjob/templates/serviceaccount.yaml b/cronjob/templates/serviceaccount.yaml
@@ -4,10 +4,13 @@ kind: ServiceAccount
 metadata:
   annotations: {{ toYaml .Values.serviceaccount.annotations | nindent 4}}
   name: {{ .Values.serviceaccount.name | default (printf "%s-pod-service-account" .Values.name) }}
-{{- else if .Values.serviceAccount }}
+{{- /* If kind = 'CronWorkflow' or have serviceAccount, create ServiceAccount */}}
+{{- else if or (.Values.serviceAccount) (and (.Values.kind ) (eq .Values.kind "CronWorkflow")) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4}}
+  {{- with .Values.serviceAccount }}
+  annotations: {{ toYaml .annotations | nindent 4}}
+  {{- end }}
   name: {{ .Values.name }}-pod-service-account
 {{- end}}