chore(argo-workflows): Improve argo-workflow controller clusterrole policy (#3263)

* chore: improve argo-workflow controller clusterrole Signed-off-by: liyang <daviderli614@gmail.com> * update artifacthub.io/changes Signed-off-by: liyang <daviderli614@gmail.com> --------- Signed-off-by: liyang <daviderli614@gmail.com>
2025-05-02 22:49:06 +08:00 · 2025-05-02 22:49:06 +08:00 · 7008b5b76b
parent ef2a238af5
commit 7008b5b76b
2 changed files with 12 additions and 11 deletions
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.6.7
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.45.13
+version: 0.45.14
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -17,4 +17,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump argo-workflows to v3.6.7
+      description: Improve argo-workflow controller clusterrole policy
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@ -167,6 +167,16 @@ rules:
  - update
  - patch
  - delete
 {{- if .Values.controller.rbac.accessAllSecrets }}
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 {{- else }}
 - apiGroups:
  - ""
  resources:
@ -187,15 +197,6 @@ rules:
  - watch
  resourceNames: {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }}
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 {{- end }}
 {{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}