apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: certificate-contributor
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: certificate-contributor-binding
  namespace: freeleaps-controls-system
subjects:
  - kind: Group
    name: mathmast:certificate-contributor
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: certificate-contributor
  apiGroup: rbac.authorization.k8s.io