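The ServiceAccount (sa) used throughout the examples in the official documentation is:
serviceAccountName: operate-workflow-sa
If you find that too much trouble, you can do what I did and attach the role at the Namespace level instead.
The example below binds the role directly to the Namespace named argo, by way of that namespace's default ServiceAccount: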
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argo-operate-workflow-role
  namespace: argo
rules:
  - apiGroups:
      - argoproj.io
    verbs:
      - "*"   # every verb on the resources listed below
    resources:
      - workflows
      - workflowtemplates
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argo-operate-workflow-role-binding
  namespace: argo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-operate-workflow-role
subjects:
  # The namespace's default ServiceAccount: every pod in argo that sets
  # no serviceAccountName of its own runs as this account.
  - kind: ServiceAccount
    name: default
    namespace: argo
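
For comparison, here is the dedicated-account variant that `serviceAccountName: operate-workflow-sa` points to, as an added example (not from the original post or the official documentation). It assumes the account lives in the `argo` namespace and reuses the `argo-operate-workflow-role` Role defined above; the binding name is made up for illustration.

```yaml
---
# Dedicated ServiceAccount: only pods that explicitly set
# serviceAccountName: operate-workflow-sa run with it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: operate-workflow-sa
  namespace: argo          # assumption: same namespace as the Role
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: operate-workflow-sa-binding   # hypothetical name
  namespace: argo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-operate-workflow-role    # the Role from the example above
subjects:
  - kind: ServiceAccount
    name: operate-workflow-sa
    namespace: argo
# With this binding in place of the one to "default", other pods in the
# namespace do not inherit the workflow permissions. To check what each
# account is allowed to do:
#   kubectl auth can-i create workflows.argoproj.io -n argo \
#     --as=system:serviceaccount:argo:default
#   kubectl auth can-i create workflows.argoproj.io -n argo \
#     --as=system:serviceaccount:argo:operate-workflow-sa
```

If the RoleBinding to `default` stays applied, the first check still returns `yes`; delete that binding for the separation to take effect.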