|
|
@@ -1,20 +1,5 @@
|
|
|
#!/bin/sh
|
|
|
-kubectl apply -n argo-api -f - <<EOF
|
|
|
-apiVersion: rbac.authorization.k8s.io/v1
|
|
|
-kind: Role
|
|
|
-metadata:
|
|
|
- name: argo-api
|
|
|
-rules:
|
|
|
- - apiGroups: [""]
|
|
|
- resources: ["pods"]
|
|
|
- verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
|
|
|
- - apiGroups: ["argoproj.io"]
|
|
|
- resources: ["workflows"]
|
|
|
- verbs: ["list", "update"]
|
|
|
-EOF
|
|
|
-
|
|
|
-kubectl create sa argo-api --namespace=argo-api
|
|
|
-kubectl create rolebinding argo-api --role=argo-api --serviceaccount=argo:argo-api --namespace=argo-api
|
|
|
+kubectl create rolebinding argo-api --clusterrole=admin --serviceaccount=argo-api:default --namespace=argo-api
|
|
|
|
|
|
kubectl apply -n argo-api -f - <<EOF
|
|
|
apiVersion: v1
|
|
|
@@ -22,7 +7,7 @@ kind: Secret
|
|
|
metadata:
|
|
|
name: argo-api.service-account-token
|
|
|
annotations:
|
|
|
- kubernetes.io/service-account.name: argo-api
|
|
|
+ kubernetes.io/service-account.name: default
|
|
|
type: kubernetes.io/service-account-token
|
|
|
EOF
|
|
|
|
