Argo workflows
Released
Overview
This module deploys Argo Workflows, an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes. It sets up the Argo Workflows controller and server using a Helm chart, configures RBAC, and enables SSO integration for secure access to the Argo Workflows UI.
Tip
This implementation uses the official Argo Workflows Helm chart. You can find more details in the Argo Workflows documentation.
Helm values have been customized from the defaults, and common configuration needs are exposed as variables.
If needed the entire helm chart can be customized by setting the override_helm_values
variable.
Additionally, there is a large amount of security roles configuration.
Compute Requirements
For optimal performance, the following resources are recommended:
1 CPU core
2GB of memory
Resource requirements will scale with the number and complexity of workflows being executed.
Warning
When using SSO with Google OAuth, make sure to configure the correct redirect URIs in your Google Cloud Console. The redirect URI should be https://your-domain/oauth2/callback
.
Local Deployment
Argo Workflows will start on port 30083 by default.
Production Considerations
Argo Workflows is licensed under the Apache License 2.0, making it suitable for both personal and commercial use.
Examples
Note
All examples omit the configuration for the kubernetes provider and helm provider. You can find more information about how to configure these providers in the usage section.
Simple
module "argo_workflows" {
source = "kadreio/relativistic/kubernetes//modules/argo_workflows"
}
With SSO
module "argo_workflows" {
source = "kadreio/relativistic/kubernetes//modules/argo_workflows"
# Enable SSO authentication
auth_mode = "sso"
# Configure Google OAuth
google_oauth_client_id = "your-client-id"
google_oauth_client_secret = "your-client-secret"
# Configure domain for SSO
target_domain = "argo-workflows.yourdomain.com"
# Configure allowed domains for SSO
allowed_domains = ["yourdomain.com"]
# Optional: Configure RBAC rule for admin access
rbac_rule = "email == '[email protected]' or email == '[email protected]'"
}
Inputs
Name |
Description |
Type |
Default |
Required |
---|---|---|---|---|
The domains that are allowed to access Argo Workflows |
|
|
no |
|
Argo Workflows chart version |
|
|
no |
|
The subdomain for Argo Workflows |
|
|
no |
|
The authentication mode for Argo Workflows. Options: server, sso, client |
|
|
no |
|
Google OAuth client ID |
|
|
no |
|
Google OAuth client secret |
|
|
no |
|
Override helm values as YAML string |
|
|
no |
|
Rule to validate if a user should be logged in as admin. |
|
|
no |
|
The url of the deployed application |
|
|
no |
Outputs
No outputs.
Providers
Name |
Version |
---|---|
n/a |
|
n/a |
Requirements
No requirements.
Resources
Name |
Type |
---|---|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
|
resource |
Modules
No modules.