apiVersion: v1
kind: ServiceAccount
metadata:
  name: argo-events-webhook-sa
  namespace: argo-events
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-events-webhook
rules:
- resources:
  - secrets
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- resources:
  - configmaps
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
- resources:
  - deployments
  apiGroups:
  - apps
  verbs:
  - get
  - list
- resources:
  - validatingwebhookconfigurations
  apiGroups:
  - admissionregistration.k8s.io
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - patch
  - watch
- resources:
  - eventbus
  - eventsources
  - sensors
  apiGroups:
  - argoproj.io
  verbs:
  - get
  - list
  - watch
- resources:
  - clusterroles
  apiGroups:
  - rbac.authorization.k8s.io
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: argo-events-webhook-binding
roleRef:
  name: argo-events-webhook
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: argo-events-webhook-sa
  namespace: argo-events
  kind: ServiceAccount
---
apiVersion: v1
kind: Service
metadata:
  name: events-webhook
  namespace: argo-events
spec:
  selector:
    app: events-webhook
  ports:
  - port: 443
    targetPort: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: events-webhook
  namespace: argo-events
spec:
  replicas: 1
  selector:
    matchLabels:
      app: events-webhook
  template:
    metadata:
      labels:
        app: events-webhook
    spec:
      serviceAccountName: argo-events-webhook-sa
      containers:
      - name: webhook
        image: quay.io/argoproj/argo-events:v1.7.6
        args:
        - webhook-service
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: PORT
          value: "443"
        imagePullPolicy: Always