-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-namespace workflows #2063
Comments
Hi |
This comment was marked as resolved.
This comment was marked as resolved.
I have similar issue: different team may want to create pods in different namespaces - their individual namespace would have different pods to interact with. |
See #3523 |
I was able to achieve this by using the following workaround:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argo-workflows-controller
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
|
I tried the above steps, been able to create the job in a different namesapce, however the job stucks in pending status forever, any idea
|
You may now test using #6587 |
…rgoproj#3523, argoproj#2063 Signed-off-by: Alex Collins <alex_collins@intuit.com> mre Signed-off-by: Alex Collins <alex_collins@intuit.com> bits Signed-off-by: Alex Collins <alex_collins@intuit.com> fix(executor): Disambiguate PNS executor initialization log (argoproj#6582) Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> ci: Disable builds on forks (argoproj#6589) Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> fix!: Enable authentication by default on Argo Server `/metrics` endpoint. Fixes argoproj#6592 (argoproj#6595) Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> chore: Upgrade cobra to v1.2.1 (argoproj#6597) Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Document auth rate limiting. Fixes argoproj#5217 docs: Document IP address logging. Fixes argoproj#5216 fix: Fix `gosec` warnings, disable pprof by default. Fixes argoproj#6594 (argoproj#6596) Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> fix tests Signed-off-by: Alex Collins <alex_collins@intuit.com> fix/skip tests Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> o Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Fix template-defaults duplicated in docs and add missing whitespace in h1 (argoproj#6601) Signed-off-by: Michael Pöllath <mpoellath.dev@gmail.com> docs: fix continue on failure dag example (argoproj#6609) Signed-off-by: Siebren Zwerver <siebren@siebjee.nl> fix: manifests/quick-start/sso for running locally PROFILE=sso (argoproj#6503) Signed-off-by: Tetsuya Shiota <tetsuya.shiota.1231@gmail.com> chore: Run `make codegen` Signed-off-by: Alex Collins <alex_collins@intuit.com> build: disable UI by default for `make start` docs: Document argoproj#6297 breaking change (argoproj#6616) docs: Remove sym-links from docs (argoproj#6617) Signed-off-by: Alex Collins <alex_collins@intuit.com> upgrade to v0.0.9 Signed-off-by: Alex Collins <alex_collins@intuit.com> fix test Signed-off-by: Alex Collins <alex_collins@intuit.com> fix tests Signed-off-by: Alex Collins <alex_collins@intuit.com> add missing label selector Signed-off-by: Alex Collins <alex_collins@intuit.com> add transport wrappers Signed-off-by: Alex Collins <alex_collins@intuit.com> fix clean-up keys Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> fix: quay.io stuffs Signed-off-by: Alex Collins <alex_collins@intuit.com> fix: support in-cluster correctly Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> fix(controller): Initialize throttler during starting workflow-controller. Fixes: argoproj#6599 (argoproj#6608) Signed-off-by: smile-luobin <smile.luobin@gmail.com> docs: Add slack exit handler example. Resolves argoproj#4152 (argoproj#6612) Signed-off-by: J.P. Zivalich <j.p.zivalich@gmail.com> fix: Argo Workflow specs link to not go to raw content (argoproj#6624) Signed-off-by: Andrey Melnikov <vafilor@gmail.com> ci: Build Docker manifest with complete dep list (argoproj#6621) Signed-off-by: Curtis Vogt <curtis.vogt@gmail.com> fix: Upgrade Dataflow to v0.0.96 (argoproj#6622) Signed-off-by: Alex Collins <alex_collins@intuit.com> ok Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Fix incorrect link to examples (argoproj#6630) Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> fix: Fixed typo in clusterrole (argoproj#6626) Signed-off-by: Saravanan Balasubramanian <sarabala1979@gmail.com> build: Fix repository prefix (argoproj#6636) Signed-off-by: Alex Collins <alex_collins@intuit.com> feat: Upgrade dataflow to v0.0.98 (argoproj#6637) Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: correct https://bit.ly/book-30m-with-argo-team URL feat(controller): Add a shared index informer for ConfigMaps (argoproj#6644) Signed-off-by: Yuan Tang <terrytangyuan@gmail.com> Fix duplicated import Signed-off-by: J.P. Zivalich <j.p.zivalich@gmail.com>
@dudicoco could you elaborate a bit more? I am trying to set this up, but the workflows are not starting. I think I also need to replace, not just add, the cluster role you suggest above. |
@tachyus-ryan we are no longer using argo-workflows after our initial POC so I don't really remember the entire configuration. However, if you post your yaml manifests here perhaps I could help you troubleshoot the problem. |
Updated version for testing: https://github.com/argoproj/argo-workflows/releases/tag/v0.0.0-dev-mc-8 |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as resolved.
This comment was marked as resolved.
To make multi-namespace Workflows properly support the k8s security model, we'd probably need a |
Summary
How do you suggest handling multiple namespaces that run Argo workflows in the new version?
The ways I’m thinking about right now are either:
a) workflow controller for each namespace and an Argo server for each namespace.
b) workflow controller for each namespace and a “managing” namespace which has a Argo server for each namespace with the “managed-namespace” patameter.
Is there a better way? Do you think it will be a good idea for you to implement an option to have one Argo server with multiple managed-namespaces for it?
Motivation
We are the MLOps team and we want every DS team to have their own namespace with their own resource limitations and only show in the Argo UI their own workflows.
The text was updated successfully, but these errors were encountered: