apiVersion: v1 kind: ServiceAccount metadata: name: argocd-clusterprofile-sync namespace: argocd --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: argocd name: argocd-clusterprofile-sync-secrets-role rules: - apiGroups: [""] # Core API group resources: ["secrets"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: namespace: argocd name: argocd-clusterprofile-sync-secrets-rolebinding subjects: - kind: ServiceAccount name: argocd-clusterprofile-sync namespace: argocd roleRef: kind: Role name: argocd-clusterprofile-sync-secrets-role apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argocd-clusterprofile-sync-cluster-profile-role rules: - apiGroups: ["multicluster.x-k8s.io"] resources: ["clusterprofiles"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argocd-clusterprofile-sync-cluster-profile-rolebinding subjects: - kind: ServiceAccount name: argocd-clusterprofile-sync namespace: argocd roleRef: kind: ClusterRole name: argocd-clusterprofile-sync-cluster-profile-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-clusterprofile-sync namespace: argocd spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: argocd-clusterprofile-sync template: metadata: labels: app.kubernetes.io/name: argocd-clusterprofile-sync spec: serviceAccountName: argocd-clusterprofile-sync containers: - name: argocd-clusterprofile-sync image: "$PATH_TO_IMAGE" imagePullPolicy: Always resources: requests: memory: "50Mi" cpu: "50m" limits: memory: "250Mi"