Move k-s rbac to k-s

kubernetes/apps/cert-manager/webhook-dnsimple/app/rbac.yaml

@@ -97,23 +97,3 @@ roleRef:
  kind: Role
  name: webhook-dnsimple:access-secret
  apiGroup: rbac.authorization.k8s.io
----
-# Grant the webhook permission to read the ConfigMap containing the Kubernetes
-# apiserver's requestheader-ca-certificate.
-# This ConfigMap is automatically created by the Kubernetes apiserver.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: webhook-dnsimple:webhook-authentication-reader
-  namespace: kube-system
-  labels:
-    app: cert-manager-webhook-dnsimple
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: webhook-dnsimple
-    namespace: cert-manager

kubernetes/apps/kube-system/dnsimple-webhook-rbac.yaml

@@ -0,0 +1,20 @@
+---
+# Grant the webhook permission to read the ConfigMap containing the Kubernetes
+# apiserver's requestheader-ca-certificate.
+# This ConfigMap is automatically created by the Kubernetes apiserver.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: webhook-dnsimple:webhook-authentication-reader
+  namespace: kube-system
+  labels:
+    app: cert-manager-webhook-dnsimple
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: webhook-dnsimple
+    namespace: cert-manager

kubernetes/apps/kube-system/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   # Flux-Kustomizations
   - ./cilium/ks.yaml
   - ./descheduler/ks.yaml
+  - ./dnsimple-webhook-rbac.yaml
   - ./fstrim/ks.yaml
   - ./metrics-server/ks.yaml
   - ./multus/ks.yaml