diff --git a/component/cert-exoscale.jsonnet b/component/cert-exoscale.jsonnet index 6763587..beb802f 100644 --- a/component/cert-exoscale.jsonnet +++ b/component/cert-exoscale.jsonnet @@ -49,6 +49,35 @@ local certExoscale = com.Kustomization( value: %(namespace)s ||| % { namespace: paramsCertManager.namespace }, }, + { + target: { + kind: 'Role', + name: 'cert-manager-webhook-exoscale:secrets-reader', + }, + patch: ||| + - op: replace + path: /kind + value: ClusterRole + - op: remove + path: /metadata/namespace + |||, + }, + { + target: { + kind: 'RoleBinding', + name: 'cert-manager-webhook-exoscale:secrets-reader', + }, + patch: ||| + - op: replace + path: /kind + value: ClusterRoleBinding + - op: remove + path: /metadata/namespace + - op: replace + path: /roleRef/kind + value: ClusterRole + |||, + }, { target: { kind: 'APIService', diff --git a/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_role_cert-manager-webhook-exoscale:secrets-reader.yaml b/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook-exoscale:secrets-reader.yaml similarity index 87% rename from tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_role_cert-manager-webhook-exoscale:secrets-reader.yaml rename to tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook-exoscale:secrets-reader.yaml index 9146b00..a217518 100644 --- a/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_role_cert-manager-webhook-exoscale:secrets-reader.yaml +++ b/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrole_cert-manager-webhook-exoscale:secrets-reader.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: labels: app: exoscale-webhook @@ -7,7 +7,6 @@ metadata: heritage: Helm release: exoscale-webhook name: cert-manager-webhook-exoscale:secrets-reader - namespace: syn-cert-manager rules: - apiGroups: - "" diff --git a/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_rolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml b/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml similarity index 87% rename from tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_rolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml rename to tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml index 7f1ce15..743a93b 100644 --- a/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_rolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml +++ b/tests/golden/defaults/cert-exoscale/cert-exoscale/10_kustomize/cert-exoscale/rbac.authorization.k8s.io_v1_clusterrolebinding_cert-manager-webhook-exoscale:secrets-reader.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: labels: app: exoscale-webhook @@ -7,10 +7,9 @@ metadata: heritage: Helm release: exoscale-webhook name: cert-manager-webhook-exoscale:secrets-reader - namespace: syn-cert-manager roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: cert-manager-webhook-exoscale:secrets-reader subjects: - apiGroup: ""