diff --git a/docs/workflow-controller-configmap.yaml b/docs/workflow-controller-configmap.yaml index ef4240f62618..055d31ea7b5f 100644 --- a/docs/workflow-controller-configmap.yaml +++ b/docs/workflow-controller-configmap.yaml @@ -122,3 +122,36 @@ data: enabled: true path: /telemetry port: 8080 + + # enable persistence using postgres + persistence: + connectionPool: + maxIdleConns: 100 + maxOpenConns: 0 + # save the entire workflow into etcd and DB + nodeStatusOffLoad: false + postgresql: + host: localhost + port: 5432 + database: postgres + tableName: argo_workflows + # the database secrets must be in the same namespace of the controller + userNameSecret: + name: argo-postgres-config + key: username + passwordSecret: + name: argo-postgres-config + key: password + + # Optional config for mysql: + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password diff --git a/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml b/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml index e941cf876ad0..0ce4eff69b53 100644 --- a/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml +++ b/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml @@ -5,3 +5,5 @@ resources: - workflow-aggregate-roles.yaml - workflow-controller-clusterrole.yaml - workflow-controller-clusterrolebinding.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml diff --git a/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml index b7a642a34978..f8d333b6fab9 100644 --- a/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml +++ b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml @@ -58,4 +58,4 @@ rules: - serviceaccounts verbs: - get - - list + - list \ No newline at end of file diff --git a/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml new file mode 100755 index 000000000000..7ccf9e809eae --- /dev/null +++ b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get \ No newline at end of file diff --git a/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml new file mode 100644 index 000000000000..191f34d44cdb --- /dev/null +++ b/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: + - kind: ServiceAccount + name: argo diff --git a/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml b/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml index 2772ed5fcc87..8687a6109309 100644 --- a/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml +++ b/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -59,3 +59,9 @@ rules: verbs: - get - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get