nixos-servers/kubenix-modules/argo.nix
2024-05-08 21:42:08 +02:00

55 lines
1.2 KiB
Nix

{
kubernetes.resources = {
ingresses.argo-workflows = {
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
spec = {
ingressClassName = "traefik";
rules = [{
host = "workflows.kun.is";
http.paths = [{
path = "/";
pathType = "Prefix";
backend.service = {
name = "argo-workflows-server";
port.number = 2746;
};
}];
}];
tls = [{
secretName = "argo-workflows-tls";
hosts = [ "workflows.kun.is" ];
}];
};
};
clusterRoles.argo-admin.rules = [{
apiGroups = [ "argoproj.io" ];
verbs = [ "*" ];
resources = [ "*" ];
}];
serviceAccounts.argo-admin = { };
clusterRoleBindings.argo-admin = {
subjects = [{
kind = "ServiceAccount";
name = "argo-admin";
namespace = "default";
}];
roleRef = {
kind = "ClusterRole";
name = "argo-admin";
apiGroup = "rbac.authorization.k8s.io";
};
};
};
}