chore: Clean up unnecessary privileges for argo-events-sa (argoproj#1175

)

Signed-off-by: Derek Wang <whynowy@gmail.com>

docs/concepts/event_source.md

@@ -10,22 +10,24 @@ Available event-sources:
 1. AWS SQS
 1. Azure Events Hub
 1. Cron Schedules
+1. Emitter
+1. File Based Events
 1. GCP PubSub
+1. Generic EventSource
 1. GitHub
 1. GitLab
 1. HDFS
-1. File Based Events
+1. K8s Resources
 1. Kafka
 1. Minio
-1. NATS
 1. MQTT
-1. K8s Resources
+1. NATS
+1. Pulsar
 1. Slack
 1. NetApp StorageGrid
 1. Webhooks
 1. Stripe
 1. NSQ
-1. Emitter
 1. Redis
 
 

docs/eventsources/ha.md

@@ -53,5 +53,5 @@ old one is gone.
 
 ## More
 
-Check [this](../dr_ha_recommendations.md) out to learn more information about
-DR/HA.
+Click [here](../dr_ha_recommendations.md) to learn more information about Argo
+Events DR/HA recommendations.

docs/eventsources/setup/nats.md

@@ -65,7 +65,6 @@ NATS event-source specification is available [here](https://github.com/argoproj/
               labels:
                 component: nats
             spec:
-              serviceAccountName: argo-events-sa
               containers:
               - name: nats
                 image: nats:latest

docs/index.md

@@ -2,9 +2,10 @@
 
 ## What is Argo Events?
 
-**Argo Events** is an event-driven workflow automation framework for Kubernetes 
-which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc. 
-on events from variety of sources like webhook, s3, schedules, messaging queues, gcp pubsub, sns, sqs, etc.
+**Argo Events** is an event-driven workflow automation framework for Kubernetes
+which helps you trigger K8s objects, Argo Workflows, Serverless workloads, etc.
+on events from variety of sources like webhook, s3, schedules, messaging queues,
+gcp pubsub, sns, sqs, etc.
 
 <br/>
 <br/>
@@ -17,20 +18,24 @@ on events from variety of sources like webhook, s3, schedules, messaging queues,
 
 ## Features
 
-* Supports events from 20+ event sources.
-* Ability to customize business-level constraint logic for workflow automation.
-* Manage everything from simple, linear, real-time to complex, multi-source events.
-* Supports Kubernetes Objects, Argo Workflow, AWS Lambda, Serverless, etc. as triggers.
-* [CloudEvents](https://cloudevents.io/) compliant.
+- Supports events from 20+ event sources.
+- Ability to customize business-level constraint logic for workflow automation.
+- Manage everything from simple, linear, real-time to complex, multi-source
+  events.
+- Supports Kubernetes Objects, Argo Workflow, AWS Lambda, Serverless, etc. as
+  triggers.
+- [CloudEvents](https://cloudevents.io/) compliant.
 
 ## Getting Started
-Follow these [instruction](https://argoproj.github.io/argo-events/installation/) to set up Argo Events.
+
+Follow these [instruction](https://argoproj.github.io/argo-events/installation/)
+to set up Argo Events.
 
 ## Documentation
 
 - [Concepts](https://argoproj.github.io/argo-events/concepts/architecture/).
 - [Argo Events in action](https://argoproj.github.io/argo-events/quick_start/).
-- [Deep dive into Argo Events](https://argoproj.github.io/argo-events/tutorials/01-introduction/).  
+- [Deep dive into Argo Events](https://argoproj.github.io/argo-events/tutorials/01-introduction/).
 
 ## Triggers
 
@@ -41,30 +46,29 @@ Follow these [instruction](https://argoproj.github.io/argo-events/installation/)
 1. NATS Messages
 1. Kafka Messages
 1. Slack Notifications
+1. Azure Event Hubs Messages
 1. Argo Rollouts
 1. Custom Trigger / Build Your Own Trigger
 1. Apache OpenWhisk
-
+1. Log Trigger
 
 ## Event Sources
 
-Argo-Events supports 20+ event sources. The complete list of event sources is available [here](https://argoproj.github.io/argo-events/concepts/event_source/).
+Argo Events supports 20+ event sources. The complete list of event sources is
+available [here](https://argoproj.github.io/argo-events/concepts/event_source/).
 
 ## Who uses Argo Events?
-Organizations below are **officially** using Argo Events. Please send a PR with your organization name if you are using Argo Events.
 
-1. [BioBox Analytics](https://biobox.io)
-1. [BlackRock](https://www.blackrock.com/)
-1. [Canva](https://www.canva.com/)
-1. [Fairwinds](https://fairwinds.com/)
-1. [InsideBoard](https://www.insideboard.com)
-1. [Intuit](https://www.intuit.com/)
-1. [Viaduct](https://www.viaduct.ai/)
+Check the [list](https://github.com/argoproj/argo-events/blob/master/USERS.md)
+to see who are **officially** using Argo Events. Please send a PR with your
+organization name if you are using Argo Events.
 
 ## Community Blogs and Presentations
 
-* [Automation of Everything - How To Combine Argo Events, Workflows & Pipelines, CD, and Rollouts](https://youtu.be/XNXJtxkUKeY)
-* [Argo Events - Event-Based Dependency Manager for Kubernetes](https://youtu.be/sUPkGChvD54)
-* [Automating Research Workflows at BlackRock](https://www.youtube.com/watch?v=ZK510prml8o)
-* [Designing A Complete CI/CD Pipeline CI/CD Pipeline Using Argo Events, Workflows, and CD](https://www.slideshare.net/JulianMazzitelli/designing-a-complete-ci-cd-pipeline-using-argo-events-workflow-and-cd-products-228452500)
-* TGI Kubernetes with Joe Beda: [CloudEvents and Argo Events](https://www.youtube.com/watch?v=LQbBgQnUs_k&list=PL7bmigfV0EqQzxcNpmcdTJ9eFRPBe-iZa&index=2&t=0s)
+- [Automation of Everything - How To Combine Argo Events, Workflows & Pipelines, CD, and Rollouts](https://youtu.be/XNXJtxkUKeY)
+- [Argo Events - Event-Based Dependency Manager for Kubernetes](https://youtu.be/sUPkGChvD54)
+- [Argo Events Deep-dive](https://youtu.be/U4tCYcCK20w)
+- [Automating Research Workflows at BlackRock](https://www.youtube.com/watch?v=ZK510prml8o)
+- [Designing A Complete CI/CD Pipeline CI/CD Pipeline Using Argo Events, Workflows, and CD](https://www.slideshare.net/JulianMazzitelli/designing-a-complete-ci-cd-pipeline-using-argo-events-workflow-and-cd-products-228452500)
+- TGI Kubernetes with Joe Beda:
+  [CloudEvents and Argo Events](https://www.youtube.com/watch?v=LQbBgQnUs_k&list=PL7bmigfV0EqQzxcNpmcdTJ9eFRPBe-iZa&index=2&t=0s)

docs/sensors/ha.md

@@ -9,7 +9,5 @@ elected to be active if the old one is gone.
 **Please DO NOT manually scale up the replicas, that might cause unexpected
 behaviors!**
 
-## More
-
-Check [this](../dr_ha_recommendations.md) out to learn more information about
-DR/HA.
+Click [here](../dr_ha_recommendations.md) to learn more information about Argo
+Events DR/HA recommendations.

docs/sensors/triggers/build-your-own-trigger.md

@@ -47,13 +47,6 @@ Let's look at the following sensor,
         metadata:
           name: webhook-sensor
         spec:
-          template:
-            spec:
-              containers:
-                - name: sensor
-                  image: metalgearsolid/sensor:v0.15.0
-                  imagePullPolicy: Always
-              serviceAccountName: argo-events-sa
           dependencies:
             - name: test-dep
               eventSourceName: webhook

docs/sensors/triggers/http-trigger.md

@@ -184,8 +184,6 @@ to invoke OpenFaas function.
         metadata:
           name: redis-sensor
         spec:
-          template:
-            serviceAccountName: argo-events-sa
           dependencies:
             - name: test-dep
               eventSourceName: redis
@@ -233,8 +231,6 @@ Similar to REST API calls, you can easily invoke Kubeless functions using HTTP t
         metadata:
           name: nats-sensor
         spec:
-          template:
-            serviceAccountName: argo-events-sa
           dependencies:
             - name: test-dep
               eventSourceName: nats

docs/sensors/triggers/k8s-object-trigger.md

@@ -30,7 +30,7 @@ set up event-driven pipelines for existing workloads.
           name: webhook
         spec:
           template:
-            serviceAccountName: argo-events-sa
+            serviceAccountName: create-pod-sa # A service account has privileges to create a Pod
           dependencies:
             - name: test-dep
               eventSourceName: webhook

docs/service-accounts.md

@@ -32,7 +32,7 @@ A `Service Account` also can be specified in a Sensor object via
 `spec.template.serviceAccountName`, this is only needed when `k8s` trigger or
 `argoWorkflow` trigger is defined in the Sensor object.
 
-The sensor examples provided by us use `argo-events-sa` service account to
+The sensor examples provided by us use `operate-workflow-sa` service account to
 execute the triggers, but it has more permissions than needed, and you may want
 to limit those privileges based on your use-case. It's always a good practice to
 create a service account with minimum privileges to execute it.

docs/tutorials/01-introduction.md

@@ -1,51 +1,63 @@
 # Introduction
 
-In the tutorials, we will cover every aspect of Argo Events and demonstrate how you 
-can leverage these features to build an event driven workflow pipeline. All the concepts you will learn
-in this tutorial and subsequent ones can be applied to any type of event-source.
+In the tutorials, we will cover every aspect of Argo Events and demonstrate how
+you can leverage these features to build an event driven workflow pipeline. All
+the concepts you will learn in this tutorial and subsequent ones can be applied
+to any type of event-source.
 
 ## Prerequisites
-* Follow the installation guide to set up the Argo Events. 
-* Make sure to configure Argo Workflow controller to listen to workflow objects
-created in `argo-events` namespace.
-* Make sure to read the concepts behind [eventbus](https://argoproj.github.io/argo-events/concepts/eventbus/),
-[sensor](https://argoproj.github.io/argo-events/concepts/sensor/),
-[event source](https://argoproj.github.io/argo-events/concepts/event_source/).
+
+- Follow the installation guide to set up the Argo Events.
+- Make sure to configure Argo Workflow controller to listen to workflow objects
+  created in `argo-events` namespace.
+- Make sure to read the concepts behind
+  [eventbus](https://argoproj.github.io/argo-events/concepts/eventbus/),
+  [sensor](https://argoproj.github.io/argo-events/concepts/sensor/),
+  [event source](https://argoproj.github.io/argo-events/concepts/event_source/).
+- Follow the
+  [instruction](https://github.com/argoproj/argo-events/tree/master/examples) to
+  create a Service Account `operate-workflow-sa` with proper privileges, and
+  make sure the Service Account used by Workflows (here we use `default` in the
+  turorials for demostration purpose) has proper RBAC settings.
 
 ## Get Started
 
-We are going to set up a sensor and event-source for webhook. The goal is to trigger an Argo workflow upon a HTTP Post request.
+We are going to set up a sensor and event-source for webhook. The goal is to
+trigger an Argo workflow upon a HTTP Post request.
 
-* Let' set up the eventbus,
+- Let' set up the eventbus,
 
         kubectl -n argo-events apply -f https://raw.githubusercontent.com/argoproj/argo-events/stable/examples/eventbus/native.yaml
 
-* Create the webhook event source.
+- Create the webhook event source.
 
         kubectl -n argo-events apply -f https://raw.githubusercontent.com/argoproj/argo-events/stable/examples/event-sources/webhook.yaml
 
-* Create the webhook sensor.
+- Create the webhook sensor.
 
         kubectl -n argo-events apply -f https://raw.githubusercontent.com/argoproj/argo-events/stable/examples/sensors/webhook.yaml
-
-If the commands are executed successfully, the eventbus, event-source and sensor pods will get created. You will
-also notice that a service is created for the event-source. 
 
-* Expose the event-source pod via Ingress, OpenShift Route or port forward to consume requests over HTTP.
+If the commands are executed successfully, the eventbus, event-source and sensor
+pods will get created. You will also notice that a service is created for the
+event-source.
+
+- Expose the event-source pod via Ingress, OpenShift Route or port forward to
+  consume requests over HTTP.
 
         kubectl -n argo-events port-forward <event-source-pod-name> 12000:12000
 
-* Use either Curl or Postman to send a post request to the `http://localhost:12000/example`
+- Use either Curl or Postman to send a post request to the
+  `http://localhost:12000/example`
 
         curl -d '{"message":"this is my first webhook"}' -H "Content-Type: application/json" -X POST http://localhost:12000/example
 
-* Now, you should see an Argo workflow being created.
+- Now, you should see an Argo workflow being created.
 
         kubectl -n argo-events get wf
 
-* Make sure the workflow pod ran successfully.
+- Make sure the workflow pod ran successfully.
 
-        _________________________________________ 
+        _________________________________________
         / {"context":{"type":"webhook","specVersi \
         | on":"0.3","source":"webhook","e |
         | ventID":"38376665363064642d343336352d34 |
@@ -59,39 +71,41 @@ also notice that a service is created for the event-source.
         | FnZW50IjpbImN1cmwvNy41NC4wIl19LCJib2R5I |
         | jp7Im1lc3NhZ2UiOiJ0aGlzIGlzIG15IGZpcnN0 |
         \ IHdlYmhvb2sifX0="}                      /
-         ----------------------------------------- 
+         -----------------------------------------
             \
              \
-              \     
-                            ##        .            
-                      ## ## ##       ==            
-                   ## ## ## ##      ===            
-               /""""""""""""""""___/ ===        
-          ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~   
-               \______ o          __/            
-                \    \        __/             
-                  \____\______/   
-
-
-<b>Note:</b> You will see the message printed in the workflow logs contains both the event context
-and data, with data being base64 encoded. In later sections, we will see how to extract particular key-value
-from event context or data and pass it to the workflow as arguments.
+              \
+                            ##        .
+                      ## ## ##       ==
+                   ## ## ## ##      ===
+               /""""""""""""""""___/ ===
+          ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
+               \______ o          __/
+                \    \        __/
+                  \____\______/
+
+<b>Note:</b> You will see the message printed in the workflow logs contains both
+the event context and data, with data being base64 encoded. In later sections,
+we will see how to extract particular key-value from event context or data and
+pass it to the workflow as arguments.
 
 ## Troubleshoot
 
 If you don't see the event-source and sensor pod in `argo-events` namespace,
 
-  1. Inspect the event-source
-
-        kubectl -n argo-events get eventsource event-source-object-name -o yaml
+1. Inspect the event-source
+
+   kubectl -n argo-events get eventsource event-source-object-name -o yaml
+
+   Inspect the sensor,
 
-     Inspect the sensor,
+   kubectl -n argo-events get sensor sensor-object-name -o yaml
 
-        kubectl -n argo-events get sensor sensor-object-name -o yaml
+   and look for any errors within the `Status`.
 
-     and look for any errors within the `Status`.
-  2. Make sure the correct Role and RoleBindings are applied to the service account
-     and there are no errors in both event-source and sensor controller.
-  3. Check the logs of event-source and sensor controller. Make sure the controllers
-     have processed the event-source and sensor objects and there are no errors.
-  4. Raise an issue on GitHub or post a question on `argo-events` slack channel.
+2. Make sure the correct Role and RoleBindings are applied to the service
+   account and there are no errors in both event-source and sensor controller.
+3. Check the logs of event-source and sensor controller. Make sure the
+   controllers have processed the event-source and sensor objects and there are
+   no errors.
+4. Raise an issue on GitHub or post a question on `argo-events` slack channel.