Argo workflows

Released

Overview

This module deploys Argo Workflows, an open-source container-native workflow engine for orchestrating parallel jobs on Kubernetes. It sets up the Argo Workflows controller and server using a Helm chart, configures RBAC, and enables SSO integration for secure access to the Argo Workflows UI.

Tip

This implementation uses the official Argo Workflows Helm chart. You can find more details in the Argo Workflows documentation.

Helm values have been customized from the defaults, and common configuration needs are exposed as variables.

If needed the entire helm chart can be customized by setting the override_helm_values variable.

Additionally, there is a large amount of security roles configuration.

Compute Requirements

For optimal performance, the following resources are recommended:

  • 1 CPU core

  • 2GB of memory

Resource requirements will scale with the number and complexity of workflows being executed.

Warning

When using SSO with Google OAuth, make sure to configure the correct redirect URIs in your Google Cloud Console. The redirect URI should be https://your-domain/oauth2/callback.

Local Deployment

Argo Workflows will start on port 30083 by default.

Production Considerations

Argo Workflows is licensed under the Apache License 2.0, making it suitable for both personal and commercial use.

Examples

Note

All examples omit the configuration for the kubernetes provider and helm provider. You can find more information about how to configure these providers in the usage section.

Simple

module "argo_workflows" {
  source = "kadreio/relativistic/kubernetes//modules/argo_workflows"
} 

With SSO

module "argo_workflows" {
  source = "kadreio/relativistic/kubernetes//modules/argo_workflows"

  # Enable SSO authentication
  auth_mode = "sso"
  
  # Configure Google OAuth
  google_oauth_client_id     = "your-client-id"
  google_oauth_client_secret = "your-client-secret"
  
  # Configure domain for SSO
  target_domain = "argo-workflows.yourdomain.com"

  # Configure allowed domains for SSO
  allowed_domains = ["yourdomain.com"]

  # Optional: Configure RBAC rule for admin access
  rbac_rule = "email == '[email protected]' or email == '[email protected]'"
} 

Inputs

Name

Description

Type

Default

Required

allowed_domains

The domains that are allowed to access Argo Workflows

list(string)

[]

no

argo_workflows_chart_version

Argo Workflows chart version

string

"0.42.3"

no

argo_workflows_subdomain

The subdomain for Argo Workflows

string

"argo-workflows"

no

auth_mode

The authentication mode for Argo Workflows. Options: server, sso, client

string

"server"

no

google_oauth_client_id

Google OAuth client ID

string

""

no

google_oauth_client_secret

Google OAuth client secret

string

""

no

override_helm_values

Override helm values as YAML string

string

""

no

rbac_rule

Rule to validate if a user should be logged in as admin.

string

"false"

no

target_domain

The url of the deployed application

string

"localhost:30083"

no

Outputs

No outputs.

Providers

Name

Version

helm

n/a

kubernetes

n/a

Requirements

No requirements.

Resources

Name

Type

helm_release.argo_workflows

resource

kubernetes_cluster_role.argo_server_cluster_role

resource

kubernetes_cluster_role.super_admin

resource

kubernetes_cluster_role_binding.argo_server_binding

resource

kubernetes_cluster_role_binding.super_admin_binding

resource

kubernetes_secret.admin-argo-service-account-token

resource

kubernetes_secret.argo_sso

resource

kubernetes_secret.other-argo-service-account-token

resource

kubernetes_service.expose_argo_workflows_webserver

resource

kubernetes_service_account.admin_argo

resource

kubernetes_service_account.argo_server

resource

kubernetes_service_account.other_argo

resource

Modules

No modules.