---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/version: v1.14.5
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: cert-manager-edit
rules:
  - apiGroups:
      - cert-manager.io
    resources:
      - certificates
      - certificaterequests
      - issuers
    verbs:
      - create
      - delete
      - deletecollection
      - patch
      - update
  - apiGroups:
      - cert-manager.io
    resources:
      - certificates/status
    verbs:
      - update
  - apiGroups:
      - acme.cert-manager.io
    resources:
      - challenges
      - orders
    verbs:
      - create
      - delete
      - deletecollection
      - patch
      - update