betelgeusebytes/k8s/argoflow/argo.yaml


---
# Credentials Argo Workflows uses to reach the S3-compatible artifact store.
# The workflow-controller-configmap in this file references this Secret by
# name and by the two key names below, so keep both stable.
#
# NOTE(review): "minioadmin"/"minioadmin" are MinIO's publicly documented
# default root credentials. Do not apply this manifest as-is:
#   - create a dedicated MinIO user whose policy is limited to the
#     argo-artifacts bucket instead of reusing the root account;
#   - keep the real values out of version control (Sealed Secrets, SOPS,
#     External Secrets, or a Secret created out-of-band) and rotate any
#     credential that was ever committed.
apiVersion: v1
kind: Secret
metadata:
  name: argo-artifacts
  namespace: ml
type: Opaque
stringData:
  accesskey: "minioadmin"  # <-- change
  secretkey: "minioadmin"  # <-- change
---
# Workflow controller configuration: default artifact repository.
# The `config` value is itself a YAML document stored as a literal block
# scalar, so its inner indentation is significant.
#
# - `insecure: false` together with a scheme-less endpoint keeps the
#   connection to the artifact store on TLS (see the inline comments).
# - Credentials are looked up from the argo-artifacts Secret in this
#   namespace; anything that can read that Secret can read and write the
#   bucket with the same rights.
# - keyFormat partitions objects by namespace / workflow / pod name.
apiVersion: v1
kind: ConfigMap
metadata:
  name: workflow-controller-configmap
  namespace: ml
data:
  config: |
    artifactRepository:
      s3:
        bucket: argo-artifacts
        endpoint: minio.betelgeusebytes.io # no scheme here
        insecure: false # https via Ingress
        accessKeySecret:
          name: argo-artifacts
          key: accesskey
        secretKeySecret:
          name: argo-artifacts
          key: secretkey
        keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}"
---
# k8s/argo/workflows/ns-rbac.yaml
# Identity used by BOTH the workflow-controller and the argo-server
# Deployments in this file (each sets serviceAccountName: argo-server).
# NOTE(review): sharing one ServiceAccount means the UI/API server holds
# every permission the controller needs. Separate accounts with separate
# Roles would let the server run with a much smaller grant.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argo-server
  namespace: ml
---
# Namespaced permissions for Argo Workflows in `ml`. The RoleBinding in this
# file grants this Role to the argo-server ServiceAccount, which both the
# controller and the server Deployments run as.
#
# NOTE(review): this grant is broader than least privilege:
#   - `secrets` with get/list/watch exposes every Secret in the namespace
#     (including argo-artifacts), and create/patch/update/delete allows
#     tampering with them;
#   - `pods` create plus `serviceaccounts` write is enough to start
#     arbitrary workloads under other identities in the namespace.
# If the server is run in `--auth-mode server`, every caller that can reach
# its API acts with exactly these permissions. Consider one Role per
# component and trimming verbs to what each one actually uses.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argo-namespaced
  namespace: ml
rules:
  # Core API group.
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - secrets
      - configmaps
      - events
      - persistentvolumeclaims
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
  # Leases in coordination.k8s.io.
  - apiGroups: ["coordination.k8s.io"]
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
  # Custom resources in the argoproj.io group.
  - apiGroups: ["argoproj.io"]
    resources:
      - workflows
      - workflowtemplates
      - cronworkflows
      - workfloweventbindings
      - sensors
      - eventsources
      - workflowtasksets
      - workflowartifactgctasks
      - workflowtaskresults
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
---
# Grants the argo-namespaced Role to the argo-server ServiceAccount.
# Both objects live in `ml`, so the grant does not extend beyond that
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argo-namespaced-binding
  namespace: ml
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-namespaced
subjects:
  - kind: ServiceAccount
    name: argo-server
    namespace: ml
---
# k8s/argo/workflows/controller.yaml
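# Argo workflow controller, restricted to its own namespace (--namespaced).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: workflow-controller
  namespace: ml
spec:
  replicas: 1
  selector:
    matchLabels:
      app: workflow-controller
  template:
    metadata:
      labels:
        app: workflow-controller
    spec:
      serviceAccountName: argo-server
      containers:
        - name: controller
          # NOTE(review): `:latest` is a floating tag, so the code running
          # with this ServiceAccount's permissions can change on any pod
          # restart. Pin a released version tag or, better, an image digest.
          image: quay.io/argoproj/workflow-controller:latest
          args: ["--namespaced"]
          env:
            # Pod name doubles as the leader-election identity.
            - name: LEADER_ELECTION_IDENTITY
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          ports:
            - containerPort: 9090
          # Container hardening: no root, no privilege escalation, no Linux
          # capabilities, immutable root filesystem.
          # NOTE(review): intended to match the hardening used by the
          # upstream install manifests; verify against the version you pin.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          # NOTE(review): both probes assume /metrics is served over TLS on
          # 9090. Whether that holds depends on the controller version and
          # metrics config; confirm once the image is pinned.
          readinessProbe:
            httpGet:
              path: /metrics
              port: 9090
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /metrics
              port: 9090
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 20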
---
# k8s/argo/workflows/server.yaml
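# Argo Server (UI and API) for the `ml` namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-server
  namespace: ml
spec:
  replicas: 1
  selector:
    matchLabels:
      app: argo-server
  template:
    metadata:
      labels:
        app: argo-server
    spec:
      serviceAccountName: argo-server
      containers:
        - name: server
          # NOTE(review): `:latest` is a floating tag; pin a released
          # version tag or an image digest so deployments are reproducible.
          image: quay.io/argoproj/argocli:latest
          args:
            - server
            # Changed from `server` to `client`. In `server` mode every
            # request is executed with this pod's ServiceAccount, i.e. no
            # login at all; this Deployment is published through an Ingress
            # and the bound Role can read and write Secrets and create
            # pods. `client` requires each caller to present their own
            # Kubernetes bearer token, so RBAC applies per user. `sso` is
            # the other authenticated option. Only go back to `server`
            # behind an authenticating proxy or on a private network.
            - --auth-mode
            - client
            - --namespaced
            # TLS is terminated at the Ingress; traffic between the ingress
            # controller and this pod is plain HTTP inside the cluster.
            - --secure=false
          ports:
            - containerPort: 2746
          # Container hardening: no root, no privilege escalation, no Linux
          # capabilities, immutable root filesystem with a writable /tmp.
          # NOTE(review): intended to match the hardening used by the
          # upstream install manifests; verify against the version you pin.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
          # Probes use HTTP to match --secure=false above.
          readinessProbe:
            httpGet:
              path: /
              port: 2746
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: 2746
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 20
      volumes:
        # Scratch space required because the root filesystem is read-only.
        - name: tmp
          emptyDir: {}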
---
# In-cluster Service in front of argo-server: port 80 forwards to the
# container's 2746. No `type` is set, so this is a ClusterIP Service;
# external reachability comes only from the Ingress that points at it.
apiVersion: v1
kind: Service
metadata:
  name: argo-server
  namespace: ml
spec:
  selector:
    app: argo-server
  ports:
    - port: 80
      targetPort: 2746
---
# Publishes argo-server at https://argo.betelgeusebytes.io through the nginx
# ingress class, with a cert-manager certificate stored in argo-tls.
#
# NOTE(review): no authentication or source-address restriction is set on
# this Ingress, so access control rests entirely on argo-server's own auth
# mode. Make sure the server requires credentials (`client` or `sso` auth
# mode), or add an authenticating proxy or an IP allow-list here, before
# exposing this host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argo
  namespace: ml
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - argo.betelgeusebytes.io
      secretName: argo-tls
  rules:
    - host: argo.betelgeusebytes.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argo-server
                port:
                  number: 80