apiVersion: v1
kind: Namespace
metadata:
name: argo-workflows
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: full-permissions-cluster-role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
# TODO: Add annotation IRSA created with terraform
apiVersion: v1
kind: ServiceAccount
metadata:
name: full-permissions-service-account
namespace: argo-workflows
annotations:
eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: full-permissions-cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: full-permissions-cluster-role
subjects:
- kind: ServiceAccount
name: full-permissions-service-account
namespace: argo-workflows
---
# TODO: Configure s3 artifact output
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: argo-workflows
namespace: flux-system
labels:
self-managed-add-on: "true"
add-on-version: "0.28.2"
spec:
releaseName: argo-workflows
targetNamespace: argo-workflows
storageNamespace: argo-workflows
interval: 1m0s
chart:
spec:
chart: argo-workflows
version: 0.28.2
sourceRef:
kind: HelmRepository
name: argo
values:
useStaticCredentials: false
artifactRepository:
s3:
bucket: ARGO_WORKFLOWS_BUCKET_NAME
region: AWS_REGION
endpoint: s3.amazonaws.com
workflow:
serviceAccount:
create: true
name: "argo-workflow"
annotations:
eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA # Add IRSA for EKS add-on validate
rbac:
create: true
controller:
workflowNamespaces: # Give permission to other namespaces, to use Karpenter
- argo-workflows
server:
serviceType: LoadBalancer
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA
extraArgs:
- --auth-mode=server # This is for demonstration purposes only
install: {}
# https://github.com/argoproj/argo-helm/blob/main/charts/argo-workflows/values.yaml