55 lines
1.2 KiB
Nix
55 lines
1.2 KiB
Nix
{
|
|
kubernetes.resources = {
|
|
ingresses.argo-workflows = {
|
|
metadata.annotations = {
|
|
"cert-manager.io/cluster-issuer" = "letsencrypt";
|
|
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
|
|
};
|
|
|
|
spec = {
|
|
ingressClassName = "traefik";
|
|
|
|
rules = [{
|
|
host = "workflows.kun.is";
|
|
|
|
http.paths = [{
|
|
path = "/";
|
|
pathType = "Prefix";
|
|
|
|
backend.service = {
|
|
name = "argo-workflows-server";
|
|
port.number = 2746;
|
|
};
|
|
}];
|
|
}];
|
|
|
|
tls = [{
|
|
secretName = "argo-workflows-tls";
|
|
hosts = [ "workflows.kun.is" ];
|
|
}];
|
|
};
|
|
};
|
|
|
|
clusterRoles.argo-admin.rules = [{
|
|
apiGroups = [ "argoproj.io" ];
|
|
verbs = [ "*" ];
|
|
resources = [ "*" ];
|
|
}];
|
|
|
|
serviceAccounts.argo-admin = { };
|
|
|
|
clusterRoleBindings.argo-admin = {
|
|
subjects = [{
|
|
kind = "ServiceAccount";
|
|
name = "argo-admin";
|
|
namespace = "default";
|
|
}];
|
|
|
|
roleRef = {
|
|
kind = "ClusterRole";
|
|
name = "argo-admin";
|
|
apiGroup = "rbac.authorization.k8s.io";
|
|
};
|
|
};
|
|
};
|
|
}
|