feat(argo-workflows): Allow controller to whitelist secrets (#1646)

* allow users to whitelist secrets Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> * remove unnecessary if-statement Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> * use square bracket for array Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> * fix typo and update readme Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Co-authored-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com>
2022-11-23 00:17:56 -07:00 · 2022-11-23 00:17:56 -07:00 · 16cf7af98b
commit 16cf7af98b
parent 7105de193a
4 changed files with 16 additions and 2 deletions
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@ -164,6 +164,17 @@ rules:
  resourceNames:
  {{/* for HTTP templates */}}
  - argo-workflows-agent-ca-certificates
+{{- with .Values.controller.rbac.secretWhitelist }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+  resourceNames: {{- toYaml . | nindent 4 }}
+{{- end }}

 {{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---