apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: gandi-webhook-rbac
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: gandi-webhook-domain-solver
      rules:
      - apiGroups: [""]
        resources: ["secrets"]
        verbs: ["get", "list", "watch"]
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: gandi-webhook-rbac-binding
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: gandi-webhook-domain-solver
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: gandi-webhook-domain-solver
      subjects:
      - kind: ServiceAccount
        name: gandi-webhook-cert-manager-webhook-gandi
        namespace: cert-manager