Skip to content

Workflow Restrictions

v2.9 and after


As the administrator of the controller, you may want to limit which types of Workflows your users can run. Workflow Restrictions allow you to set requirements for all Workflows.

Available Restrictions

  • templateReferencing: Strict: Only process Workflows using workflowTemplateRef. You can use this to require usage of WorkflowTemplates, disallowing arbitrary Workflow execution.
  • templateReferencing: Secure: Same as Strict plus enforce that a referenced WorkflowTemplate hasn't changed between operations. If a running Workflow's underlying WorkflowTemplate changes, the Workflow will error out.

Setting Workflow Restrictions

You can add workflowRestrictions in the workflow-controller-configmap.

For example, to specify that Workflows may only run with workflowTemplateRef:

# This file describes the config settings available in the workflow controller configmap
apiVersion: v1
kind: ConfigMap
  name: workflow-controller-configmap
  workflowRestrictions: |
    templateReferencing: Strict