---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager:ovh-dns-challenge
  namespace: default
rules:
  - apiGroups: ["${SECRET_DOMAIN}"]
    resources: ["ovh"]
    verbs: ["get", "watch", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cert-manager:ovh-dns-challenge
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager:ovh-dns-challenge
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager
    namespace: default