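---
# Rendered manifest for the cert-manager netcup DNS01 webhook (chart 1.0.29).
# The ServiceAccount, Service and Deployment now carry an explicit
# `namespace: cert-manager`. Every RBAC subject, the APIService backend and
# the TLS Certificate/Secret in this file already point at that namespace,
# so applying the workload anywhere else would leave the bindings attached
# to a ServiceAccount this manifest never creates.

# Identity the webhook pod runs as; referenced by the bindings below.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
  namespace: cert-manager
---
# Lets the webhook read Secrets in the cert-manager namespace.
# There is no `resourceNames` filter, so this covers every Secret in that
# namespace, including the CA key Secret `cert-manager-webhook-netcup-ca`
# issued further down.
# NOTE(review): if the DNS credentials Secret has a fixed name, narrow the
# `get` rule with `resourceNames`; confirm whether `watch` is needed at all.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-netcup:secret-reader
  namespace: cert-manager
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - watch
---
# Permission to submit requests to the webhook's API group. The wildcard is
# limited to group com.netcup.webhook and to the `create` verb.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:domain-solver
rules:
  - apiGroups:
      - com.netcup.webhook
    resources:
      - '*'
    verbs:
      - create
---
# Read-only access to API Priority and Fairness objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:flowcontrol
rules:
  - apiGroups:
      - flowcontrol.apiserver.k8s.io
    resources:
      - flowschemas
      - prioritylevelconfigurations
    verbs:
      - list
      - watch
      - get
---
# Grants the secret-reader Role to the webhook ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-netcup:secret-reader
  namespace: cert-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-webhook-netcup:secret-reader
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-webhook-netcup
    namespace: cert-manager
---
# Cross-namespace binding: lives in kube-system and references a Role that
# is not defined in this manifest (extension-apiserver-authentication-reader).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:webhook-authentication-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-webhook-netcup
    namespace: cert-manager
---
# Cluster-wide binding to the built-in system:auth-delegator ClusterRole, so
# the webhook can ask the API server to authenticate and authorize callers.
# Audit this binding together with the secret-reader Role when reviewing what
# a compromised webhook pod could reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-webhook-netcup
    namespace: cert-manager
---
# The subject here is ServiceAccount `cert-manager`, not the webhook's own
# account: it is the caller that is allowed to create solver requests.
# NOTE(review): presumably the cert-manager controller's ServiceAccount;
# confirm the name matches the installed cert-manager release.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:domain-solver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-webhook-netcup:domain-solver
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager
    namespace: cert-manager
---
# Grants the flowcontrol read ClusterRole to the webhook ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:flowcontrol
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-webhook-netcup:flowcontrol
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-webhook-netcup
    namespace: cert-manager
---
# In-cluster endpoint the APIService below routes to; ClusterIP only.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
  namespace: cert-manager
spec:
  ports:
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app: cert-manager-webhook-netcup
    release: cert-manager-webhook-netcup
  type: ClusterIP
---
# Webhook workload. It must run in cert-manager because it mounts the
# `cert-manager-webhook-netcup-webhook-tls` Secret issued in that namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
  namespace: cert-manager
spec:
  # Was `replicas: null`; written out as the API default so the intended
  # count is visible in review.
  replicas: 1
  selector:
    matchLabels:
      app: cert-manager-webhook-netcup
      release: cert-manager-webhook-netcup
  template:
    metadata:
      labels:
        app: cert-manager-webhook-netcup
        release: cert-manager-webhook-netcup
    spec:
      # NOTE(review): no pod- or container-level securityContext is set.
      # The container listens on port 443, so check how the image binds a
      # low port before adding runAsNonRoot, dropped capabilities or
      # allowPrivilegeEscalation: false.
      containers:
        - args:
            - --tls-cert-file=/tls/tls.crt
            - --tls-private-key-file=/tls/tls.key
          env:
            - name: GROUP_NAME
              value: com.netcup.webhook
          # NOTE(review): the image is referenced by mutable tag and cached
          # with IfNotPresent; pinning by digest makes the deployed artifact
          # verifiable.
          image: ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.29
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
          name: cert-manager-webhook-netcup
          ports:
            - containerPort: 443
              name: https
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
          # NOTE(review): no requests or limits; the pod runs as BestEffort
          # and is unbounded in CPU and memory.
          resources: {}
          volumeMounts:
            # Serving key pair, mounted read-only.
            - mountPath: /tls
              name: certs
              readOnly: true
      serviceAccountName: cert-manager-webhook-netcup
      volumes:
        - name: certs
          secret:
            secretName: cert-manager-webhook-netcup-webhook-tls
---
# Registers com.netcup.webhook/v1alpha1 with the API aggregation layer.
# No caBundle is written here; the inject-ca-from annotation names the
# serving Certificate whose CA is to be injected, and TLS verification of
# the backend is not disabled.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  annotations:
    cert-manager.io/inject-ca-from: cert-manager/cert-manager-webhook-netcup-webhook-tls
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: v1alpha1.com.netcup.webhook
spec:
  group: com.netcup.webhook
  groupPriorityMinimum: 1000
  service:
    name: cert-manager-webhook-netcup
    namespace: cert-manager
  version: v1alpha1
  versionPriority: 15
---
# Private CA for the webhook, signed by the self-signed Issuer below.
# 43800h is five years; the CA private key lands in Secret
# `cert-manager-webhook-netcup-ca` in the cert-manager namespace.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-ca
  namespace: cert-manager
spec:
  commonName: ca.cert-manager-webhook-netcup.cert-manager
  duration: 43800h
  isCA: true
  issuerRef:
    name: cert-manager-webhook-netcup-selfsign
  secretName: cert-manager-webhook-netcup-ca
---
# Serving certificate for the webhook Service, valid for 8760h (one year)
# and issued by the CA Issuer. The dnsNames match the Service's in-cluster
# names in the cert-manager namespace.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-webhook-tls
  namespace: cert-manager
spec:
  dnsNames:
    - cert-manager-webhook-netcup
    - cert-manager-webhook-netcup.cert-manager
    - cert-manager-webhook-netcup.cert-manager.svc
  duration: 8760h
  issuerRef:
    name: cert-manager-webhook-netcup-ca
  secretName: cert-manager-webhook-netcup-webhook-tls
---
# CA Issuer backed by the CA Secret; signs the serving certificate.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-ca
  namespace: cert-manager
spec:
  ca:
    secretName: cert-manager-webhook-netcup-ca
---
# Bootstrap Issuer used only to self-sign the CA certificate.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    app: cert-manager-webhook-netcup
    chart: cert-manager-webhook-netcup-1.0.29
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-selfsign
  namespace: cert-manager
spec:
  selfSigned: {}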