diff --git a/charts/argo-cd/templates/argocd-application-controller/coreweave-role.yaml b/charts/argo-cd/templates/argocd-application-controller/coreweave-role.yaml
new file mode 100644
index 00000000..b729f1fd
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller/coreweave-role.yaml
@@ -0,0 +1,224 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argocd-full-access
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - apps
+ - networking.k8s.io
+ resources:
+ - pods
+ - pods/log
+ - pods/portforward
+ - pods/exec
+ - pods/attach
+ - configmaps
+ - endpoints
+ - events
+ - limitranges
+ - persistentvolumeclaims
+ - persistentvolumeclaims/finalizers
+ - podtemplates
+ - replicationcontrollers
+ - secrets
+ - services
+ - controllerrevisions
+ - deployments
+ - deployments/status
+ - replicasets
+ - statefulsets
+ - applications
+ - ingresses
+ - ingresses/status
+ - networkpolicies
+ - poddisruptionbudgets
+ - serviceaccounts
+ - deployments/scale
+ - statefulsets/scale
+ verbs:
+ - '*'
+ - apiGroups:
+ - bitnami.com
+ resources:
+ - sealedsecrets
+ verbs:
+ - '*'
+ - apiGroups:
+ - virtualservers.coreweave.com
+ resources:
+ - virtualservers
+ verbs:
+ - '*'
+ - apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workfloweventbindings
+ - workflows/finalizers
+ - workflowtemplates
+ - workflowtemplates/finalizers
+ - cronworkflows
+ - cronworkflows/finalizers
+ - applications
+ - appprojects
+ - workflowtaskresults
+ - workflowtasksets
+ - workflowtasksets/finalizers
+ verbs:
+ - '*'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - list
+ - get
+ - watch
+ - create
+ - patch
+ - bind
+ - delete
+ - update
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+ - apiGroups:
+ - serving.kubeflow.org
+ resources:
+ - inferenceservices
+ verbs:
+ - '*'
+ - apiGroups:
+ - serving.knative.dev
+ resources:
+ - services
+ - revisions
+ verbs:
+ - '*'
+ - apiGroups:
+ - autoscaling.internal.knative.dev
+ resources:
+ - podautoscalers
+ verbs:
+ - '*'
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - virtualservices
+ verbs:
+ - list
+ - get
+ - apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - '*'
+ - apiGroups:
+ - batch
+ - extensions
+ resources:
+ - jobs
+ - jobs/status
+ - cronjobs
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ - limitranges
+ verbs:
+ - list
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+ - list
+ - watch
+ - patch
+ - apiGroups:
+ - traefik.containo.us
+ resources:
+ - ingressroutes
+ - ingressroutetcps
+ - ingressrouteudps
+ - middlewares
+ - tlsoptions
+ - tlsstores
+ - traefikservices
+ verbs:
+ - '*'
+ - apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datavolumes
+ - datavolumes/source
+ verbs:
+ - '*'
+ - apiGroups:
+ - keda.sh
+ resources:
+ - scaledobjects
+ - scaledjobs
+ - triggerauthentications
+ verbs:
+ - '*'
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ - issuers
+ - certificaterequests
+ verbs:
+ - '*'
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ verbs:
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - '*'
+ - apiGroups:
+ - sps.tensorworks.com.au
+ resources:
+ - spsapps
+ - spsapps/status
+ - scalablepixelstreamingversions
+ - scalablepixelstreamingversions/status
+ - scalablepixelstreamingapplications/status
+ - scalablepixelstreamingapplications
+ verbs:
+ - '*'
+ - apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs
+ - tfjobs
+ - mxjobs
+ - pytorchjobs
+ - xgboostjobs
+ - mpijobs/status
+ - tfjobs/status
+ - pytorchjobs/status
+ - mxjobs/status
+ - xgboostjobs/status
+ verbs:
+ - '*'
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml
index 72a996d2..dbc67a70 100644
--- a/charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/coreweave-rolebinding.yaml
@@ -6,8 +6,8 @@ metadata:
 {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cloud-app-user-full-access
+ kind: Role
+ name: argocd-full-access
 subjects:
 - kind: ServiceAccount
 name: {{ template "argo-cd.controllerServiceAccountName" . }}
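Review bot: `roleRef` is immutable on an existing RoleBinding, so on a cluster where this binding already points at the `cloud-app-user-full-access` ClusterRole the upgrade will likely be rejected. The old, broader binding would then stay in effect. Either give the binding a new `metadata.name` in the same commit, or add a comment above `roleRef:` such as `# roleRef is immutable: delete the existing RoleBinding before upgrading`. The binding's `metadata` block starts above the hunk, so its current name is not visible here.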