apiVersion: v1 kind: Namespace metadata: name: argo-workflows --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: full-permissions-cluster-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- # TODO: Add annotation IRSA created with terraform apiVersion: v1 kind: ServiceAccount metadata: name: full-permissions-service-account namespace: argo-workflows annotations: eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: full-permissions-cluster-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: full-permissions-cluster-role subjects: - kind: ServiceAccount name: full-permissions-service-account namespace: argo-workflows --- # TODO: Configure s3 artifact output apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: argo-workflows namespace: flux-system labels: self-managed-add-on: "true" add-on-version: "0.28.2" spec: releaseName: argo-workflows targetNamespace: argo-workflows storageNamespace: argo-workflows interval: 1m0s chart: spec: chart: argo-workflows version: 0.28.2 sourceRef: kind: HelmRepository name: argo values: useStaticCredentials: false artifactRepository: s3: bucket: ARGO_WORKFLOWS_BUCKET_NAME region: AWS_REGION endpoint: s3.amazonaws.com workflow: serviceAccount: create: true name: "argo-workflow" annotations: eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA # Add IRSA for EKS add-on validate rbac: create: true controller: workflowNamespaces: # Give permission to other namespaces, to use Karpenter - argo-workflows server: serviceType: LoadBalancer serviceAccount: annotations: eks.amazonaws.com/role-arn: ARGO_WORKFLOWS_IRSA extraArgs: - --auth-mode=server # This is for demonstration purposes only install: {} # https://github.com/argoproj/argo-helm/blob/main/charts/argo-workflows/values.yaml