Cluster-level permissions FAQs
- Why do you need cluster-level permissions?
- A third-party Kubernetes library called Argo is used to dynamically manage plugins or integration pods that HCL DevOps Velocity (Velocity) uses to link with external tools. To run integrations on Velocity, a pod is provisioned dynamically at runtime for each execution. Plugins are programming-language independent and securely isolated while accessing resources on the pod, without interfering with any core services.
- What service creates pods dynamically and how is it accomplished?
- The Argo `workflow-controller` creates pods dynamically when it detects the creation of a workflow, which is a custom resource defined by a custom resource definition (CRD).
- What resources are added to the Velocity installation to support integration executions?
- Resources are detailed in the following table.
Table 1. Argo resources

| Resource | Name | Description |
|---|---|---|
| CustomResourceDefinition | `cronworkflows.argoproj.io` | This workflow control tracks the call of a plugin execution. |
| CustomResourceDefinition | `workflows.argoproj.io` | Provisions pods for plugin execution. |
| CustomResourceDefinition | `workfloweventbindings.argoproj.io` | Informs calling workflows of provisioned pod status. |
| CustomResourceDefinition | `clusterworkflowtemplates.argoproj.io` | Cluster scoped templates defining instructions for running workflows. |
| CustomResourceDefinition | `workflowtemplates.argoproj.io` | Namespace scoped templates defining instructions for running workflows. |
| ServiceAccount | `argo` | New service account used by both the workflow controller and the Velocity reporting-consumer micro-service to interact with specific resources scoped to the namespace. |
| Role | `argo-role` | Special role to retrieve, create and delete pods, execute pods, and generate pod logs consisting of workflow CRDs bound to the Argo ServiceAccount only. |
| RoleBinding | `argo-binding` | The binding for the ServiceAccount and the `argo-role`. |
| ConfigMap | `workflow-controller-configmap` | Configuration for the Argo `workflow-controller`. |
| Deployment | `workflow-controller` | Deployment for the main Argo `workflow-controller`. |
- How long are cluster-level permissions required?
- The time required for a successful installation of Velocity. Also, temporary cluster-level permissions may be required in specific upgrade scenarios. Contact either your Kubernetes or OpenShift administrator beforehand to ensure an efficient installation or upgrade process.
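
Table 1 describes `argo-role` and `argo-binding` as namespace-scoped and limited to pods, pod exec, pod logs, and the workflow CRDs. The following check is an added example, not code shipped with Velocity or Argo, that audits an exported Role and RoleBinding against that description. The allow-list of verbs is an assumption derived from the table's wording, and the sample role is constructed.

```python
# Added example. The allow-list below is an assumption read off Table 1's
# wording for argo-role; it is not the manifest shipped with Velocity.
ARGO_GROUP = "argoproj.io"
ARGO_RESOURCES = {"workflows", "cronworkflows", "workfloweventbindings",
                  "workflowtemplates", "clusterworkflowtemplates"}
POD_VERBS = {                       # resources in the core API group ("")
    "pods": {"get", "list", "watch", "create", "delete"},
    "pods/exec": {"create"},
    "pods/log": {"get"},
}

def audit_role(role):
    """Return findings for grants outside the envelope described in Table 1."""
    findings = []
    if role.get("kind") != "Role":
        findings.append(f"kind {role.get('kind')} is not a namespaced Role")
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                if "*" in verbs or "*" in (group, res):
                    findings.append(f"wildcard grant on {group!r}/{res}")
                elif group == "" and res in POD_VERBS:
                    extra = sorted(verbs - POD_VERBS[res])
                    if extra:
                        findings.append(f"extra verbs on {res}: {extra}")
                elif not (group == ARGO_GROUP and res.split("/")[0] in ARGO_RESOURCES):
                    findings.append(f"unexpected resource {group!r}/{res}")
    return findings

def audit_binding(binding):
    """argo-binding should tie argo-role to the argo ServiceAccount only."""
    findings = []
    ref = binding.get("roleRef", {})
    if binding.get("kind") != "RoleBinding" or ref.get("kind") != "Role":
        findings.append("binding is not a RoleBinding to a namespaced Role")
    for s in binding.get("subjects", []):
        if (s.get("kind"), s.get("name")) != ("ServiceAccount", "argo"):
            findings.append(f"unexpected subject {s.get('kind')}/{s.get('name')}")
    return findings

# Constructed sample, shaped like `kubectl get role argo-role -o json` output.
SAMPLE_ROLE = {"kind": "Role", "metadata": {"name": "argo-role"}, "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "create", "delete", "patch"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    {"apiGroups": ["argoproj.io"], "resources": ["workflows"], "verbs": ["get", "list", "update"]},
]}
```

An empty list from both functions means the exported objects stay within the scope the table describes; any finding is a grant to review with the cluster administrator once installation is complete.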