From 5e4a7f0dd2c663171075be27d824d5423aad77b7 Mon Sep 17 00:00:00 2001
From: Melvin GABALI
Date: Wed, 21 Jan 2026 23:51:27 +0100
Subject: [PATCH] add rbac
---
.../ops/templates/rbac-cert-manager.yaml | 40 +++++++++++++++++++
helm/cert-manager-webhook-ovh/ops/values.yaml | 1 +
2 files changed, 41 insertions(+)
create mode 100644 helm/cert-manager-webhook-ovh/ops/templates/rbac-cert-manager.yaml
diff --git a/helm/cert-manager-webhook-ovh/ops/templates/rbac-cert-manager.yaml b/helm/cert-manager-webhook-ovh/ops/templates/rbac-cert-manager.yaml
new file mode 100644
index 0000000..3ece93b
--- /dev/null
+++ b/helm/cert-manager-webhook-ovh/ops/templates/rbac-cert-manager.yaml
@@ -0,0 +1,40 @@
+# ClusterRole pour permettre à cert-manager d'utiliser le webhook OVH
+# Le ServiceAccount cert-manager doit pouvoir créer des ressources "ovh"
+# dans le groupe API acme.gkdomaine.fr
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cert-manager-webhook-ovh:cert-manager
+ labels:
+ app: cert-manager-webhook-ovh
+rules:
+ - apiGroups:
+ - acme.gkdomaine.fr
+ resources:
+ - ovh
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+---
+# ClusterRoleBinding pour lier le ClusterRole au ServiceAccount cert-manager
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cert-manager-webhook-ovh:cert-manager
+ labels:
+ app: cert-manager-webhook-ovh
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cert-manager-webhook-ovh:cert-manager
+subjects:
+ # Le ServiceAccount cert-manager dans cert-manager-ops (selon l'erreur RBAC)
+ - kind: ServiceAccount
+ name: cert-manager
+ namespace: cert-manager-ops
+
diff --git a/helm/cert-manager-webhook-ovh/ops/values.yaml b/helm/cert-manager-webhook-ovh/ops/values.yaml
index 5e8eddc..ae6fadd 100644
--- a/helm/cert-manager-webhook-ovh/ops/values.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/values.yaml
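Review bot: The `verbs` list of the new ClusterRole in rbac-cert-manager.yaml grants `get`, `list`, `watch`, `update`, `patch` and `delete` on `ovh` in `acme.gkdomaine.fr` on top of `create`, which is broader than the need stated in the file's own header comment (cert-manager must be able to create "ovh" resources). As far as I know cert-manager talks to a DNS01 webhook solver only by submitting a challenge payload with `create`, so the rule can be reduced to `verbs: ["create"]` and widened only if a further RBAC denial actually appears. The ClusterRoleBinding subject (`cert-manager` in `cert-manager-ops`, taken from an error message according to the comment) and the API group are also hard-coded in a Helm template; if the chart's values already carry the group name and cert-manager's namespace, reading them from there would keep this cluster-wide binding from drifting onto an unintended ServiceAccount when either is renamed.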
@@ -28,4 +28,5 @@ cert-manager-webhook-ovh: requests: cpu: 50m memory: 64Mi +