github.com/argoproj/argo-events@v1.9.1/examples/README.md

github.com/argoproj/argo-events@v1.9.1/examples/README.md (about)

     1  # Examples
     2  
     3  The examples demonstrate how Argo Events works.
     4  
     5  To make the Sensors be able to trigger Workflows, a Service Account with RBAC
     6  settings as following is required (assume you run the examples in the namespace
     7  `argo-events`).
     8  
     9  ```yaml
    10  apiVersion: v1
    11  kind: ServiceAccount
    12  metadata:
    13    namespace: argo-events
    14    name: operate-workflow-sa
    15  ---
    16  # Similarly you can use a ClusterRole and ClusterRoleBinding
    17  apiVersion: rbac.authorization.k8s.io/v1
    18  kind: Role
    19  metadata:
    20    name: operate-workflow-role
    21    namespace: argo-events
    22  rules:
    23    - apiGroups:
    24        - argoproj.io
    25      verbs:
    26        - "*"
    27      resources:
    28        - workflows
    29        - workflowtemplates
    30        - cronworkflows
    31        - clusterworkflowtemplates
    32  ---
    33  apiVersion: rbac.authorization.k8s.io/v1
    34  kind: RoleBinding
    35  metadata:
    36    name: operate-workflow-role-binding
    37    namespace: argo-events
    38  roleRef:
    39    apiGroup: rbac.authorization.k8s.io
    40    kind: Role
    41    name: operate-workflow-role
    42  subjects:
    43    - kind: ServiceAccount
    44      name: operate-workflow-sa
    45  ```
    46  
    47  To make the Workflow triggered by the Sensor work, you also need to give a
    48  Service Account with privileges to the Workflow (the examples use Service
    49  Account `default`), see the detail
    50  [here](https://github.com/argoproj/argo-workflows/blob/master/docs/service-accounts.md).
    51  A minimal Role to make Workflow work looks like following (check the
    52  [origin](https://github.com/argoproj/argo-workflows/blob/master/docs/workflow-rbac.md)):
    53  
    54  ```yaml
    55  apiVersion: rbac.authorization.k8s.io/v1
    56  kind: Role
    57  metadata:
    58    name: workflow-role
    59  rules:
    60    # pod get/watch is used to identify the container IDs of the current pod
    61    # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location)
    62    - apiGroups:
    63        - ""
    64      resources:
    65        - pods
    66      verbs:
    67        - get
    68        - watch
    69        - patch
    70    # logs get/watch are used to get the pods logs for script outputs, and for log archival
    71    - apiGroups:
    72        - ""
    73      resources:
    74        - pods/log
    75      verbs:
    76        - get
    77        - watch
    78  ```
    79  
    80  The Workflow triggered by the Sensor defaults to be in the same namespace as the
    81  Sensor, if you want to trigger it in a different namespace, simply give a
    82  `namespace` in the workflow metadata (in that case, a `ClusterRole` and
    83  `ClusterRoleBinding` are required for `operate-workflow-sa`).