apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-vultr-secret-reader
  namespace: cert-manager
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-vultr-secret-reader-binding
  namespace: cert-manager
subjects:
- kind: ServiceAccount
  name: cert-manager-webhook-vultr
  namespace: cert-manager
roleRef:
  kind: Role
  name: cert-manager-webhook-vultr-secret-reader
  apiGroup: rbac.authorization.k8s.io