---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: external-secrets
    app.kubernetes.io/name: external-secrets-cert-controller
    app.kubernetes.io/version: v0.15.1
  name: external-secrets-cert-controller
rules:
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
      - update
      - patch
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - list
      - watch
      - get
  - apiGroups:
      - admissionregistration.k8s.io
    resourceNames:
      - secretstore-validate
      - externalsecret-validate
    resources:
      - validatingwebhookconfigurations
    verbs:
      - update
      - patch
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - list
      - get
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
      - update
      - patch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - create
      - update
      - patch