cert-manager-webhook-pcloud: role

commit: c9d88a067babf04f2047308774fb7e805f5d3b9d [log] [tgz]
author: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Thu Dec 07 13:50:37 2023 +0400
committer: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Thu Dec 07 13:50:37 2023 +0400
tree: dca80e69a6f8cc27590f61049d07f181d64ac166
parent: e58fc59cf4e5751ad521d040123d87aba8f2b6ae [diff]
diff --git a/charts/cert-manager-webhook-pcloud/templates/role.yaml b/charts/cert-manager-webhook-pcloud/templates/role.yaml
new file mode 100644
index 0000000..8671ae4
--- /dev/null
+++ b/charts/cert-manager-webhook-pcloud/templates/role.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cert-manager-pcloud
+rules:
+- apiGroups:
+  - dodo.cloud
+  resources:
+  - pcloud-dns-solver
+  verbs:
+  - "*" # TODO(giolekva): limit
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cert-manager-pcloud-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cert-manager-pcloud
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.certManager.name }}
+  namespace: {{ .Values.certManager.namespace }}
commit	c9d88a067babf04f2047308774fb7e805f5d3b9d	[log] [tgz]
author	Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>	Thu Dec 07 13:50:37 2023 +0400
committer	Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>	Thu Dec 07 13:50:37 2023 +0400
tree	dca80e69a6f8cc27590f61049d07f181d64ac166
parent	e58fc59cf4e5751ad521d040123d87aba8f2b6ae [diff]