I am new to Argo Workflows and following along with this tutorial.
Following along with it, we are to create a service account and then attach the pre-existing workflow-role to the service account, like this:
> kubectl create serviceaccount mike
serviceaccount/mike created # Response from my terminal
> kubectl create rolebinding mike --serviceaccount=argo:mike --role=workflow-role
rolebinding.rbac.authorization.k8s.io/mike created # Response from my terminal
But then when I tried to submit a job using that service account, it said that there is no such role workflow-role:
Message: Error (exit code 1): pods "mike-cli-hello-svlmn" is forbidden: User
"system:serviceaccount:argo:mike" cannot patch resource "pods" in API group "" in the namespace
"argo": RBAC: role.rbac.authorization.k8s.io "workflow-role" not found
(I also do not understand why my default API group is null, but I'm assuming that is unrelated.)
I then checked, and indeed there is no such role:
❯ kubectl get role
NAME CREATED AT
agent 2022-02-28T21:38:31Z
argo-role 2022-02-28T21:38:31Z
argo-server-role 2022-02-28T21:38:32Z
executor 2022-02-28T21:38:32Z
pod-manager 2022-02-28T21:38:32Z
submit-workflow-template 2022-02-28T21:38:32Z
workflow-manager 2022-02-28T21:38:32Z
Could it be that the role is workflow-manager? That sounds more like an automated service to manage the pipeline / DAG or something similar.
I am obviously quite new to Argo. I have successfully launched jobs, but not when trying to use that newly created service account.
Should Argo have a default role of workflow-role? How do I create it?
