fix: Argo Server Secrets Permissions (#307)

Grant permissions to workflow-controller and server roles to read database secrets
2020-04-29 22:36:58 +02:00 · 2020-04-29 22:36:58 +02:00 · 1135b1ef18
commit 1135b1ef18
parent 5add526d0c
3 changed files with 30 additions and 1 deletions
--- a/charts/argo/templates/workflow-controller-clusterrole.yaml
+++ b/charts/argo/templates/workflow-controller-clusterrole.yaml
@ -78,4 +78,22 @@ rules:
  verbs:
  - get
  - list
+{{- if .Values.controller.persistence }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  {{- if .Values.controller.persistence.postgresql }}
+  - {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
+  {{- end}}
+  {{- if .Values.controller.persistence.mysql }}
+  - {{ .Values.controller.persistence.mysql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.mysql.passwordSecret.name }}
+  {{- end}}
+  verbs:
+  - get
+{{- end}}
+