feat(argo-workflows): Add option for controller to read all secrets (#1967)

2023-04-14 14:53:40 +01:00 · 2023-04-14 14:53:40 +01:00 · 22356c77af
commit 22356c77af
parent dfe36fbde9
4 changed files with 16 additions and 3 deletions
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@ -187,6 +187,16 @@ rules:
  - watch
  resourceNames: {{- toYaml . | nindent 4 }}
 {{- end }}
+{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+{{- end }}

 {{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---