apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager-lego-webhook-challenges
rules:
- apiGroups:
    - "cert-manager.io"
    - "acme.cert-manager.io"
  resources: ["challenges"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ert-manager-lego-webhook-challenges-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-lego-webhook-challenges
subjects:
- kind: ServiceAccount
  name: cert-manager
  namespace: cert-manager-lego-webhook