github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/syz-cluster/overlays/common/argo/workflow-roles.yaml

github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/syz-cluster/overlays/common/argo/workflow-roles.yaml (about)

     1  # Copyright 2025 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  apiVersion: rbac.authorization.k8s.io/v1
     5  kind: ClusterRole
     6  metadata:
     7    name: argo-workflow-role
     8  rules:
     9  - apiGroups:
    10      - argoproj.io
    11    resources:
    12      - workflows
    13    verbs:
    14      - get
    15      - list
    16      - watch
    17      - create
    18      - update
    19      - patch
    20      - delete
    21      - status
    22  
    23  ---
    24  
    25  apiVersion: rbac.authorization.k8s.io/v1
    26  kind: ClusterRole
    27  metadata:
    28    name: argo-workflowtasks-role
    29  rules:
    30  - apiGroups: ["argoproj.io"]
    31    resources:
    32    - workflowtaskresults
    33    verbs:
    34    - create
    35    - patch
    36  - apiGroups:
    37      - argoproj.io
    38    resources:
    39      - workflowtasksets
    40      - workflowartifactgctasks
    41    verbs:
    42      - list
    43      - watch
    44  - apiGroups:
    45    - argoproj.io
    46    resources:
    47      - workflowtasksets/status
    48      - workflowartifactgctasks/status
    49    verbs:
    50      - patch
    51  
    52  ---
    53  
    54  apiVersion: rbac.authorization.k8s.io/v1
    55  kind: ClusterRoleBinding
    56  metadata:
    57    name: argo-workflow-role-binding
    58    namespace: default
    59  roleRef:
    60    apiGroup: rbac.authorization.k8s.io
    61    kind: ClusterRole
    62    name: argo-workflow-role
    63  subjects:
    64  - kind: ServiceAccount
    65    name: argo-executor-ksa
    66    namespace: default
    67  - kind: ServiceAccount
    68    name: argo-controller-ksa
    69    namespace: argo
    70  - kind: ServiceAccount
    71    name: gke-service-ksa
    72    namespace: default
    73  
    74  ---
    75  
    76  apiVersion: rbac.authorization.k8s.io/v1
    77  kind: ClusterRoleBinding
    78  metadata:
    79    name: argo-workflowtasks-role-binding
    80    namespace: argo
    81  roleRef:
    82    apiGroup: rbac.authorization.k8s.io
    83    kind: ClusterRole
    84    name: argo-workflowtasks-role
    85  subjects:
    86  - kind: ServiceAccount
    87    name: argo-executor-ksa
    88    namespace: default
    89  - kind: ServiceAccount
    90    name: argo-controller-ksa
    91    namespace: argo
    92  
    93  ---
    94  
    95  apiVersion: rbac.authorization.k8s.io/v1
    96  kind: ClusterRoleBinding
    97  metadata:
    98    name: argo-cluster-role-to-controller-binding
    99    namespace: argo
   100  roleRef:
   101    apiGroup: rbac.authorization.k8s.io
   102    kind: ClusterRole
   103    name: argo-cluster-role
   104  subjects:
   105  - kind: ServiceAccount
   106    name: argo-controller-ksa
   107    namespace: argo
   108  
   109  ---
   110  
   111  apiVersion: rbac.authorization.k8s.io/v1
   112  kind: RoleBinding
   113  metadata:
   114    name: argo-role-to-controller-binding
   115    namespace: argo
   116  roleRef:
   117    apiGroup: rbac.authorization.k8s.io
   118    kind: Role
   119    name: argo-role
   120  subjects:
   121  - kind: ServiceAccount
   122    name: argo-controller-ksa
   123    namespace: argo
   124  
   125  ---
   126  
   127  apiVersion: v1
   128  kind: Secret
   129  metadata:
   130    annotations:
   131      kubernetes.io/service-account.name: argo-executor-ksa
   132    name: argo-executor-ksa.service-account-token
   133  type: kubernetes.io/service-account-token