Update service-account for argo-workflows

posquit0 · posquit0 · commit c99a665e59b9 · 2024-07-30T03:37:05.000+09:00
diff --git a/addons/argo-workflows/resources/service-account-argo-workflow-executor/kustomization.yaml b/addons/argo-workflows/resources/service-account-argo-workflow-executor/kustomization.yaml
@@ -3,9 +3,8 @@ kind: Kustomization
 
 resources:
 - rbac.yaml
+- secret.yaml
 
 namespace: default
-labels:
-- pairs:
-    app.kubernetes.io/part-of: "argo-workflow"
-  includeSelectors: false
+commonLabels:
+  app.kubernetes.io/part-of: "argo-workflow"
diff --git a/addons/argo-workflows/resources/service-account-argo-workflow-executor/rbac.yaml b/addons/argo-workflows/resources/service-account-argo-workflow-executor/rbac.yaml
@@ -4,6 +4,8 @@ metadata:
   name: argo-workflow-executor
   labels:
     app.kubernetes.io/name: "argo-workflow-executor"
+secrets:
+- name: argo-workflow-executor.service-account-token
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -31,6 +33,34 @@ rules:
   verbs:
   - get
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - create
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtaskresults
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtasksets
+  - workflowartifactgctasks
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtasksets/status
+  - workflowartifactgctasks/status
+  verbs:
+  - patch
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/addons/argo-workflows/resources/service-account-argo-workflow-executor/secret.yaml b/addons/argo-workflows/resources/service-account-argo-workflow-executor/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: argo-workflow-executor.service-account-token
+  annotations:
+    kubernetes.io/service-account.name: argo-workflow-executor
