apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "container-mom.fullname" . }}
  labels:
    {{- include "container-mom.labels" . | nindent 4 }}
rules:
  - apiGroups: ["containermom.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "secrets"]
    verbs: ["*"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["*"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["*"]
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "issuers"]
    verbs: ["*"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "container-mom.fullname" . }}
  labels:
    {{- include "container-mom.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "container-mom.fullname" . }}
subjects:
  - kind: ServiceAccount
    name: {{ include "container-mom.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}