---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-replicator
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubernetes-replicator
rules:
  - apiGroups: ["", "apps", "extensions"]
    resources:
      - secrets
      - configmaps
      - roles
      - rolebindings
      - cronjobs
      - deployments
      - events
      - ingresses
      - jobs
      - pods
      - pods/attach
      - pods/exec
      - pods/log
      - pods/portforward
      - services
      - namespaces
      - serviceaccounts
    verbs: ["*"]
  - apiGroups: ["batch"]
    resources:
      - configmaps
      - cronjobs
      - deployments
      - events
      - ingresses
      - jobs
      - pods
      - pods/attach
      - pods/exec
      - pods/log
      - pods/portforward
      - services
    verbs: ["*"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources:
      - roles
      - rolebindings
      - clusterrolebindings
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-replicator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-replicator
subjects:
  - kind: ServiceAccount
    name: kubernetes-replicator
    namespace: kube-system
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kubernetes-replicator
  namespace: argocd
spec:
  project: default
  source:
    repoURL: "https://helm.mittwald.de"
    chart: "kubernetes-replicator"
    targetRevision: "2.12.0"
    helm:
      releaseName: "kubernetes-replicator"
      values: |
        serviceAccount:
          create: false
          name: kubernetes-replicator
  destination:
    server: "https://kubernetes.default.svc"
    namespace: kube-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true