add RBAC setup and fix review nits

Author: demonCoder95

cluster/manifests/role-sync-controller/cronjob.yaml

@@ -3,6 +3,7 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: role-sync-controller
+  namespace: kube-system
   labels:
     application: kubernetes
     component: role-sync-controller
@@ -17,5 +18,4 @@ spec:
           containers:
           - name: role-sync-controller
             image: container-registry.zalando.net/teapot/role-sync-controller:main-1
-            imagePullPolicy: IfNotPresent
 {{ end }}

cluster/manifests/role-sync-controller/rbac.yaml

@@ -0,0 +1,32 @@
+{{ if .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: role-sync-controller
+  labels:
+    application: kubernetes
+    component: role-sync-controller
+rules:
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["list"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["rolebindings"]
+  verbs: ["get", "create", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: role-sync-controller
+  labels:
+    application: kubernetes
+    component: role-sync-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: role-sync-controller
+subjects:
+- kind: ServiceAccount
+  name: role-sync-controller
+  namespace: kube-system
+{{ end }}

cluster/manifests/role-sync-controller/service-account.yaml

@@ -0,0 +1,10 @@
+{{ if .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: role-sync-controller
+  namespace: kube-system
+  labels:
+    application: kubernetes
+    component: role-sync-controller
+{{ end }}