From f031c4e65bf7ddc88e8d210548361797fa1d8e5e Mon Sep 17 00:00:00 2001
From: Conan Scott <conanscott@gmail.com>
Date: Sun, 28 Dec 2025 18:08:24 +1100
Subject: [PATCH] added namespace specific rbac

---
 3-argo-metal-rbac.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 3-argo-metal-rbac.yaml

diff --git a/3-argo-metal-rbac.yaml b/3-argo-metal-rbac.yaml
new file mode 100644
index 0000000..9d63f40
--- /dev/null
+++ b/3-argo-metal-rbac.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argocd-metallb-crs
+  namespace: metallb-system
+rules:
+  - apiGroups: ["metallb.io"]
+    resources: ["ipaddresspools", "l2advertisements"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argocd-metallb-crs
+  namespace: metallb-system
+subjects:
+  - kind: ServiceAccount
+    name: openshift-gitops-argocd-application-controller
+    namespace: openshift-gitops
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-metallb-crs