charts: cert-manager-webhook-gandi-role
diff --git a/charts/cert-manager-webhook-gandi-role/Chart.yaml b/charts/cert-manager-webhook-gandi-role/Chart.yaml
new file mode 100644
index 0000000..54e3bf9
--- /dev/null
+++ b/charts/cert-manager-webhook-gandi-role/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cert-manager-webhook-gandi-role
+description: A Helm chart for cert-manager role to let createn gandi resource
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/cert-manager-webhook-gandi-role/templates/role.yaml b/charts/cert-manager-webhook-gandi-role/templates/role.yaml
new file mode 100644
index 0000000..e45a7ab
--- /dev/null
+++ b/charts/cert-manager-webhook-gandi-role/templates/role.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cert-manager-gandi
+rules:
+- apiGroups:
+ - acme.bwolf.me
+ resources:
+ - gandi
+ verbs:
+ - "*" # TODO(giolekva): limit
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cert-manager-gandi-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cert-manager-gandi
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.certManager.name }}
+ namespace: {{ .Values.certManager.namespace }}
diff --git a/charts/cert-manager-webhook-gandi-role/values.yaml b/charts/cert-manager-webhook-gandi-role/values.yaml
new file mode 100644
index 0000000..0b00b32
--- /dev/null
+++ b/charts/cert-manager-webhook-gandi-role/values.yaml
@@ -0,0 +1,3 @@
+certManager:
+ name: pcloud-cert-manager
+ namespace: pcloud-cert-manager