fix(Argo): Unify settings for activating rbac. (#544)

Signed-off-by: Vlad Losev <vladimir.losev@sage.com>
2021-01-13 10:07:56 -08:00 · 2021-01-13 10:07:56 -08:00 · 4f7fe688cf
commit 4f7fe688cf
parent 391c439de6
3 changed files with 21 additions and 6 deletions
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@ -167,9 +167,6 @@ server:
  serviceType: ClusterIP
  servicePort: 2746
  # servicePortName: http
-  rbac:
-    # When present, restricts secrets the server can read to a given list.
-    secretWhitelist: []
  serviceAccount: argo-server
  # Whether to create the service account with the name specified in
  # server.serviceAccount and bind it to the server role.
@ -267,6 +264,18 @@ server:
    #   key: client-secret
    ## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
    # redirectUrl: https://argo/oauth2/callback
+    # rbac:
+    #   enabled: true
+    ## When present, restricts secrets the server can read to a given list.
+    ## You can use it to restrict the server to only be able to access the
+    ## service account token secrets that are associated with service accounts
+    ## used for authorization.
+    #   secretWhitelist: []
+    ## Scopes requested from the SSO ID provider.  The 'groups' scope requests
+    ## group membership information, which is usually used for authorization
+    ## decisions.
+    # scopes:
+    # - groups

 # Influences the creation of the ConfigMap for the workflow-controller itself.
 useDefaultArtifactRepo: false