v2.11 and after
Many clients can send events via the events API endpoint using a standard authorization header. However, for clients that are unable to do so (e.g. because they use signature verification as proof of origin), additional configuration is required.
In the namespace that will receive the event, create access token resources for your client:
- A role with permissions to get workflow templates and to create a workflow: example
- A service account for the client: example.
- A binding of the account to the role: example
- A secret named "argo-workflows-webhook-clients" listing the service accounts: example
The secret "argo-workflows-webhook-clients" tells Argo:
- What type of webhook the account can be used for, e.g. "github"
- What "secret" that webhook is configured for, e.g. in your Github settings page