fix: ekman now uses argocd-manager sa

argocd/reset-ekman-cluster.sh

@@ -5,8 +5,14 @@ kubectl --context ekman delete -f ekman-cluster-admin-token.yaml
 sleep 1
 kubectl --context ekman apply -f ekman-cluster-admin-token.yaml
 
-secret=$(kubectl --context ekman get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1)
+# secret=$(kubectl --context ekman get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1)
-token=$(kubectl --context ekman get secret -n kube-system $secret -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
+# token=$(kubectl --context ekman get secret -n kube-system $secret -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
+# sed "s/@token@/$token/" ekman.yaml > _ekman.yaml
+# echo "configure argocd ekman-cluster..."
+# cat _ekman.yaml
+# kubectl --context oceanbox apply -f _ekman.yaml
+
+token=$(kubectl --context ekman get secret -n kube-system argocd-manager-token -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
 sed "s/@token@/$token/" ekman.yaml > _ekman.yaml
 echo "configure argocd ekman-cluster..."
 cat _ekman.yaml

values/system/ekman/argocd-manager-rbac.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argocd-manager
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argocd-manager
+subjects:
+- kind: ServiceAccount
+  name: argocd-manager
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-manager
+  namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kubernetes.io/service-account.name: argocd-manager
+  name: argocd-manager-token
+  namespace: kube-system
+type: kubernetes.io/service-account-token