What are the required privileges for argocd-manager-role in a remote cluster?

[gaeljw]

When I added a remote cluster to ArgoCD using argocd cluster add, I didn't notice but the created ClusterRole argocd-manager-role has been created with too many privileges (not sure why, is it because my local kubeconfig had too many privileges?).

Anyway, I'd like to review it and only give it the mandatory privileges. Where can I find such a list? Should it be similar to the argocd-server role on a local cluster?

[dtwilliamsWork]

from https://argo-cd.readthedocs.io/en/stable/getting_started/

The above command installs a ServiceAccount (argocd-manager), into the kube-system namespace of that kubectl context, and binds the service account to an admin-level ClusterRole. Argo CD uses this service account token to perform its management tasks (i.e. deploy/monitoring).

The rules of the argocd-manager-role role can be modified such that it only has create, update, patch, delete privileges to a limited set of namespaces, groups, kinds. However get, list, watch privileges are required at the cluster-scope for Argo CD to function.