| 12345678910111213141516171819202122232425262728293031 |
- #!/bin/sh
- kubectl apply -n argo-api -f - <<EOF
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: argo-api
- rules:
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- - apiGroups: ["argoproj.io"]
- resources: ["workflows"]
- verbs: ["list", "update"]
- EOF
- kubectl create sa argo-api --namespace=argo-api
- kubectl create rolebinding argo-api --role=argo-api --serviceaccount=argo:argo-api --namespace=argo-api
- kubectl apply -n argo-api -f - <<EOF
- apiVersion: v1
- kind: Secret
- metadata:
- name: argo-api.service-account-token
- annotations:
- kubernetes.io/service-account.name: argo-api
- type: kubernetes.io/service-account-token
- EOF
- ARGO_TOKEN="Bearer $(kubectl get secret argo-api.service-account-token -o=jsonpath='{.data.token}' -n argo-api | base64 --decode)"
- echo "$ARGO_TOKEN"
- curl https://localhost:32337/api/v1/workflows/argo -H "Authorization: $ARGO_TOKEN" --insecure
|
