diff --git a/templates/argocd-application-controller/clusterrole.yaml b/templates/argocd-application-controller/clusterrole.yaml
new file mode 100644
index 0000000..5fddb0c
--- /dev/null
+++ b/templates/argocd-application-controller/clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+{{- end }}
diff --git a/templates/argocd-application-controller/clusterrolebinding.yaml b/templates/argocd-application-controller/clusterrolebinding.yaml
new file mode 100644
index 0000000..a3bc462
--- /dev/null
+++ b/templates/argocd-application-controller/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "argo-cd.controllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/templates/argocd-repo-server/clusterrole.yaml b/templates/argocd-repo-server/clusterrole.yaml
new file mode 100644
index 0000000..156661d
--- /dev/null
+++ b/templates/argocd-repo-server/clusterrole.yaml
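Review bot: The `rules:` block in templates/argocd-application-controller/clusterrole.yaml allows every verb on every resource and every non-resource URL, which is equivalent to cluster-admin, and nothing in the template says so. The role is rendered whenever `harness.createClusterRoles` is set, and values.yaml in this commit defaults that to `true`, so a default install creates it. I would add a comment above `rules:` such as `# Cluster-admin equivalent; only needed when Argo CD deploys into the cluster it runs in`, and consider letting the rule list be overridden from values so operators who manage a known set of resource kinds can narrow it. The same rule block is repeated in templates/argocd-repo-server/clusterrole.yaml.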
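Review bot: The subject in templates/argocd-application-controller/clusterrolebinding.yaml is named by `include "argo-cd.controllerServiceAccountName" .`, evaluated with this chart's root context, while `fullnameOverride: argocd` in values.yaml sits under the `argo-cd:` key; the helper is defined outside this diff, so it is not visible whether both resolve to the same name. A ClusterRoleBinding is accepted even when its subject does not exist, so a mismatch would leave the wildcard role bound to a ServiceAccount name the chart does not create rather than failing the install. It is worth confirming with `helm template` that the rendered subject equals the ServiceAccount the controller pod actually runs as, and recording that in a comment such as `# Must match the ServiceAccount the application controller pod runs as`. The repo-server binding in templates/argocd-repo-server/clusterrolebinding.yaml resolves its subject the same way.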
@@ -0,0 +1,19 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+{{- end }}
diff --git a/templates/argocd-repo-server/clusterrolebinding.yaml b/templates/argocd-repo-server/clusterrolebinding.yaml
new file mode 100644
index 0000000..785d4b8
--- /dev/null
+++ b/templates/argocd-repo-server/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "argo-cd.repoServerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/templates/gitops-agent/clusterrole.yaml b/templates/gitops-agent/clusterrole.yaml
index de1ebfe..01a5db1 100644
--- a/templates/gitops-agent/clusterrole.yaml
+++ b/templates/gitops-agent/clusterrole.yaml
@@ -1,5 +1,5 @@
 {{- $argo := (index .Values "argo-cd") -}}
-{{- if .Values.agent.createClusterRole }}
+{{- if .Values.harness.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
diff --git a/templates/gitops-agent/clusterrolebinding.yaml b/templates/gitops-agent/clusterrolebinding.yaml
index 0645ec5..557d520 100644
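Review bot: templates/argocd-repo-server/clusterrole.yaml gives the repo-server the same wildcard role as the application controller, behind the same `harness.createClusterRoles` switch, so an operator cannot enable in-cluster access for the controller without also granting it to the repo-server. The repo-server is the component that turns Git repository content into manifests, so it handles the least trusted input of the components touched here, and nothing on this page shows it needing cluster-wide write access. If it does need API access, I would gate this file and its binding on a separate default-off value, for example `{{- if and .Values.harness.createClusterRoles .Values.repoServer.createClusterRole }}` (a new key proposed here, not one present in values.yaml), and list only the resources it reads.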
--- a/templates/gitops-agent/clusterrolebinding.yaml +++ b/templates/gitops-agent/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.agent.createClusterRole }} +{{- if .Values.harness.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/values.yaml b/values.yaml index 3fcb00b..71c7336 100644 --- a/values.yaml +++ b/values.yaml @@ -12,6 +12,9 @@ argo-cd: # -- String to fully override `"argo-cd.fullname"` fullnameOverride: argocd + # -- These are added as custom templates in each component + createClusterRoles: false + ## Argo Configs configs: # General Argo CD configuration @@ -188,6 +191,9 @@ harness: enabled: false secret: "" + # -- Create cluster role for Argo CD and GitOps agent, required for in-cluster + createClusterRoles: true + # Default Harness network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components @@ -212,9 +218,6 @@ agent: # -- GitOps Agent identifier name harnessName: gitops-agent - # -- Create cluster role for the agent, required for in-cluster - createClusterRole: true - # -- The number of agent pods to run replicas: 1 @@ -496,12 +499,16 @@ global: repoServer: name: repo-server + serviceAccount: + create: true applicationSet: name: applicationset-controller controller: name: application-controller + serviceAccount: + create: true redis: name: redis
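Review bot: In values.yaml the new `harness.createClusterRoles: true` replaces `agent.createClusterRole`, and the two gitops-agent templates changed in this commit no longer read the old key, so a deployment that had set `agent.createClusterRole: false` will on upgrade get the agent ClusterRole back and, in addition, the wildcard roles for the controller and repo-server. The comment `required for in-cluster` also understates what the flag now controls. I would reword it along the lines of `# -- Create ClusterRoles and bindings for the GitOps agent, application controller and repo-server; the Argo CD roles allow all verbs on all resources`, and either keep honouring the old key in the gitops-agent templates or call out the rename in the upgrade notes. Defaulting the new flag to `false` would make the cluster-wide grant opt-in, at the cost of changing the agent's previous default.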