feat(argo): add more specific instructions

content/en/docs/operating/setup/installation.md

@@ -142,7 +142,14 @@ There are no specific requirements for using Capsule with GitOps tools like Argo
 
 ### ArgoCD
 
-Manifests to get you started with ArgoCD.
+Manifests to get you started with ArgoCD. For ArgoCD you might need to skip the validation of the `CapsuleConfiguration` resources, otherwise there might be errors on the first install:
+
+```yaml
+manager:
+  options:
+    annotations:
+      argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+```
 
 ```yaml
 ---
@@ -160,6 +167,7 @@ spec:
     targetRevision: 0.10.6
     chart: capsule
     helm:
+      skipCrds: true
       valuesObject:
         crds:
           install: true
@@ -168,8 +176,10 @@ spec:
         tls:
           enableController: false
           create: false
-        manager: 
-          options:  
+        manager:
+          options:
+            annotations:
+              argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
             capsuleConfiguration: default
             ignoreUserGroups:
               - oidc:administators
@@ -182,6 +192,8 @@ spec:
               failurePolicy: Ignore
         serviceMonitor:
           enabled: true
+          annotations:
+            argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
         proxy:
           enabled: true
           webhooks:
@@ -194,6 +206,10 @@ spec:
             extraArgs:
             - "--feature-gates=ProxyClusterScoped=true"
             - "--feature-gates=ProxyAllNamespaced=true"
+          serviceMonitor:
+            enabled: true
+            annotations:
+              argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 
   destination:
     server: https://kubernetes.default.svc
@@ -231,7 +247,6 @@ stringData:
   enableOCI: "true"
 ```
 
-
 ### FluxCD
 
 ```yaml

content/en/docs/reference.md

@@ -738,6 +738,8 @@ TenantSpec defines the desired state of Tenant.
 | :---- | :---- | :----------- | :-------- |
 | **clusterRoleName** | string |  | true |
 | **[subjects](#tenantspecadditionalrolebindingsindexsubjectsindex-1)** | []object | kubebuilder:validation:Minimum=1 | true |
+| **annotations** | map[string]string | Additional Annotations for the synchronized rolebindings | false |
+| **labels** | map[string]string | Additional Labels for the synchronized rolebindings | false |
 
 
 ### Tenant.spec.additionalRoleBindings[index].subjects[index]
@@ -1294,7 +1296,9 @@ relates the key and values.
 | :---- | :---- | :----------- | :-------- |
 | **kind** | enum | Kind of tenant owner. Possible values are "User", "Group", and "ServiceAccount"<br/>*Enum*: User, Group, ServiceAccount<br/> | true |
 | **name** | string | Name of tenant owner. | true |
+| **annotations** | map[string]string | Additional Annotations for the synchronized rolebindings | false |
 | **clusterRoles** | []string | Defines additional cluster-roles for the specific Owner.<br/>*Default*: [admin capsule-namespace-deleter]<br/> | false |
+| **labels** | map[string]string | Additional Labels for the synchronized rolebindings | false |
 | **[proxySettings](#tenantspecownersindexproxysettingsindex-1)** | []object | Proxy settings for tenant owner. | false |
 
 
@@ -1712,6 +1716,8 @@ TenantSpec defines the desired state of Tenant.
 | :---- | :---- | :----------- | :-------- |
 | **clusterRoleName** | string |  | true |
 | **[subjects](#tenantspecadditionalrolebindingsindexsubjectsindex)** | []object | kubebuilder:validation:Minimum=1 | true |
+| **annotations** | map[string]string | Additional Annotations for the synchronized rolebindings | false |
+| **labels** | map[string]string | Additional Labels for the synchronized rolebindings | false |
 
 
 ### Tenant.spec.additionalRoleBindings[index].subjects[index]

content/en/ecosystem/integrations/headlamp.md

@@ -79,19 +79,19 @@ volumes:
   - name: token-ca
     projected:
       sources:
-      - serviceAccountToken:
-          path: token
-      - secret:
-          name: capsule-proxy
-          items:
-          - key: ca.crt
-            path: ca.crt
-      - downwardAPI:
-        items:
-          - fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-            path: namespace
+        - serviceAccountToken:
+            path: token
+        - secret:
+            items:
+              - key: ca
+                path: ca.crt
+            name: capsule-proxy
+        - downwardAPI:
+            items:
+              - fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+                path: namespace
 initContainers:
 - name: add-ca
   image: alpine:3