apiVersion: v1 kind: ServiceAccount metadata: name: argo-events-webhook-sa namespace: argo-events --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argo-events-webhook rules: - resources: - secrets apiGroups: - "" verbs: - get - list - create - update - delete - patch - watch - resources: - configmaps apiGroups: - "" verbs: - get - list - watch - resources: - deployments apiGroups: - apps verbs: - get - list - resources: - validatingwebhookconfigurations apiGroups: - admissionregistration.k8s.io verbs: - get - list - create - update - delete - patch - watch - resources: - eventbus - eventsources - sensors apiGroups: - argoproj.io verbs: - get - list - watch - resources: - clusterroles apiGroups: - rbac.authorization.k8s.io verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argo-events-webhook-binding roleRef: name: argo-events-webhook kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: argo-events-webhook-sa namespace: argo-events kind: ServiceAccount --- apiVersion: v1 kind: Service metadata: name: events-webhook namespace: argo-events spec: selector: app: events-webhook ports: - port: 443 targetPort: 443 --- apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook namespace: argo-events spec: replicas: 1 selector: matchLabels: app: events-webhook template: metadata: labels: app: events-webhook spec: serviceAccountName: argo-events-webhook-sa containers: - name: webhook image: quay.io/argoproj/argo-events:v1.7.6 args: - webhook-service env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: PORT value: "443" imagePullPolicy: Always