# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: argocd-clusterprofile-sync --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argocd-clusterprofile-sync-secrets-role rules: - apiGroups: [""] # Core API group resources: ["secrets"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argocd-clusterprofile-sync-secrets-rolebinding subjects: - kind: ServiceAccount name: argocd-clusterprofile-sync namespace: {{ .Release.Namespace }} roleRef: kind: Role name: argocd-clusterprofile-sync-secrets-role apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argocd-clusterprofile-sync-cluster-profile-role rules: - apiGroups: ["multicluster.x-k8s.io"] resources: ["clusterprofiles"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argocd-clusterprofile-sync-cluster-profile-rolebinding subjects: - kind: ServiceAccount name: argocd-clusterprofile-sync namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole name: argocd-clusterprofile-sync-cluster-profile-role apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-clusterprofile-sync spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: argocd-clusterprofile-sync template: metadata: labels: app.kubernetes.io/name: argocd-clusterprofile-sync spec: serviceAccountName: argocd-clusterprofile-sync containers: - name: argocd-clusterprofile-sync image: "{{ .Values.image }}" imagePullPolicy: Always resources: requests: memory: "50Mi" cpu: "50m" limits: memory: "250Mi"