apiVersion: v1 kind: ServiceAccount metadata: name: argo-events-webhook-sa namespace: argo-events --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argo-events-webhook rules: - apiGroups: - "" resources: - secrets verbs: - get - list - create - update - delete - patch - watch - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - apiGroups: - apps resources: - deployments verbs: - get - list - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - get - list - create - update - delete - patch - watch - apiGroups: - argoproj.io resources: - eventbus - eventsources - sensors verbs: - get - list - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles verbs: - get - list - apiGroups: - apps resources: - deployments/finalizers - clusterroles/finalizers verbs: - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argo-events-webhook-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: argo-events-webhook subjects: - kind: ServiceAccount name: argo-events-webhook-sa namespace: argo-events --- apiVersion: v1 kind: Service metadata: name: events-webhook namespace: argo-events spec: ports: - port: 443 targetPort: 443 selector: app: events-webhook --- apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook namespace: argo-events spec: replicas: 1 selector: matchLabels: app: events-webhook template: metadata: labels: app: events-webhook spec: containers: - args: - webhook-service env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: PORT value: "443" image: quay.io/codefresh/argo-events:v1.7.3-cap-CR-19893 imagePullPolicy: Always name: webhook serviceAccountName: argo-events-webhook-sa