cert-manager + metallb configs
diff --git a/scripts/homelab/cert-manager-webhook-gandi/rbac.yaml b/scripts/homelab/cert-manager-webhook-gandi/rbac.yaml
new file mode 100644
index 0000000..4d06fae
--- /dev/null
+++ b/scripts/homelab/cert-manager-webhook-gandi/rbac.yaml
@@ -0,0 +1,26 @@
+# Role and RoleBinding for gandi-credentials in namespace default
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cert-manager-webhook-gandi:secret-reader
+  namespace: cert-manager
+rules:
+- apiGroups: [""] # indicates the core API group
+  resources: ["secrets"]
+  resourceNames: ["gandi-credentials"]
+  verbs: ["get", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cert-manager-webhook-gandi:secret-reader
+  namespace: cert-manager
+subjects:
+ - apiGroup: ""
+   kind: ServiceAccount
+   name: cert-manager-webhook-gandi
+   namespace: cert-manager
+roleRef:
+  kind: Role
+  name: cert-manager-webhook-gandi:secret-reader
+  apiGroup: rbac.authorization.k8s.io
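Review bot: The header comment on the first added line says the Role and RoleBinding are for `gandi-credentials` "in namespace default", but both objects set `namespace: cert-manager`, and a namespaced Role only grants access to Secrets in its own namespace. Someone following the comment could create the Secret in `default`, where this ServiceAccount cannot read it. Alternatively, they might later widen the grant to make it work. I would reword the comment to `# Role and RoleBinding: let the cert-manager-webhook-gandi ServiceAccount read the gandi-credentials Secret in namespace cert-manager`. The `resourceNames` restriction with only `get` and `watch` is a good least-privilege shape and worth keeping as is. As a style point, the `subjects:` list is indented by one space while `rules:` is flush; pick one sequence style for the file.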