Empowering Workflow Management: A Guide to Accessing Workflows with Access Tokens

OverView :-

In this guide, we will explore the intricacies of accessing Argo Workflows using access tokens. Whether you are a developer integrating workflows into your applications or an administrator managing workflow execution, understanding the utilization of access tokens will enhance your experience with Argo Workflows.

Pre-requestites :-

• A Cluster should be deployed on Minikube or Eks.

• Terraform should be installed on your system.

Deployment Process :-

Note :- Here I’m using an Eks cluster for accessing the argo-workflows by token process. Before starting the process get the cluster ca certificate & endpoint etc,.. And also you need to deploy argo-workflows server on your clutser by using helm chart.

1. Create a folder with name argo-workflows-token and within the folder create terraform configuration files such as main.tf, variable.tf and output.tf.

2. Copy & paste the below code into main.tf file to create a secret token for accessing the workflows.

data "aws_eks_cluster" "eks_cluster" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "eks_cluster" {
  name = var.eks_cluster_name
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.default.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.default.token
}

resource "kubernetes_service_account" "service_account" {
  metadata {
    name      = "access-token-sa"
    namespace = "argo"
  }
}

resource "kubernetes_role" "role" {
  metadata {
    name      = "access-token-role"
    namespace = "argo"
  }

  rule {
    api_groups = ["argoproj.io"]
    resources  = ["workflows"]
    verbs      = ["*"]
  }
}

resource "kubernetes_role_binding" "role_binding" {
  metadata {
    name      = "access-token-role_binding"
    namespace = "argo"
  }

  role_ref {
    kind     = "Role"
    name     = kubernetes_role.role.metadata[0].name
    api_group = "rbac.authorization.k8s.io"
  }

  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.service_account.metadata[0].name
    namespace = "argo"
  }
}

resource "kubernetes_secret" "secret_token" {
  metadata {
    name      = "mahira.service-account-token"
    namespace = "argo"
    annotations = {
      "kubernetes.io/service-account.name" = "mahira-token"
    }
  }
  type = "kubernetes.io/service-account-token"
}

#variable.tf
variable "eks_cluster_name" {
  description = "cluster name of eks"
  type = string
  default = "mahira-eks-cluster"
}

variable "env_name" {
  type        = string
  description = "Type of environment ex: dev, stage or prod"
  default = "dev"
}

#provider.tf
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "5.91.0"
    }

    kubernetes = {
      source = "hashicorp/kubernetes"
      version = "2.14.0"
    }

    helm = {
      source = "hashicorp/helm"
      version = "2.5.1"
    }
  }
}

provider "aws" {
  region     = "ap-south-1"
  access_key = "Your AWS access key id"
  secret_key = "Your AWS secret access key id"
}

3. Open a terminal window and export your eks cluster’s kube config and the aws access keys.

4. Navigate to the argo-workflows-token directory and run terraform command’s to deploy the above terraform script.

terraform init
terraform plan
terraform apply

5. After the deployment, connect to your EKS cluster and check the deployment.

Conclusion :-

Access tokens serve as the linchpin for secure and authenticated interactions with Argo Workflows. As we conclude this guide, you’ve gained insights into the seamless generation and application of access tokens, enabling you to harness the full potential of Argo Workflows securely.