argo-helm/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml

{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-events-webhook
  labels:
    {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
rules:
{{- if .Values.openshift }}
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles/finalizers
  verbs:
  - update
- apiGroups:
  - apps
  resources:
  - deployments/finalizers
  verbs:
  - update
{{- end }}
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - get
  - list
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- apiGroups:
  - argoproj.io
  resources:
  - eventbus
  - eventsources
  - sensors
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - get
  - list
{{- end }}