rbac

infrastructure/07-certmanager/additional-roles.yaml

@@ -1,23 +1,23 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: dns-challenge-illium
+  name: cert-manager-lego-webhook-challenges
 rules:
 - apiGroups:
     - "cert-manager.io"
     - "acme.cert-manager.io"
-  resources: ["ionos"]
+  resources: ["challenges"]
   verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: dns-challenge-illium-binding
+  name: ert-manager-lego-webhook-challenges-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: dns-challenge-illium
+  name: cert-manager-lego-webhook-challenges
 subjects:
 - kind: ServiceAccount
   name: cert-manager
-  namespace: cert-manager
+  namespace: cert-manager-lego-webhook

infrastructure/07-certmanager/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
   - wildcard-cert.yaml
   - dns-issuer.yaml
   - ionos-secret-sealed.yaml
-  # - additional-roles.yaml
+  - additional-roles.yaml
   - https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
   - namespace.yaml
 

infrastructure/07-certmanager/values-lego.yaml

@@ -5,5 +5,5 @@ webhook:
     tag: main
 
 certManager:
-  namespace: 'cert-manager'
+  namespace: cert-manager
-  serviceAccountName: cert-manager
+  # serviceAccountName: cert-manager