Fix rbac issues with dnsimple cert issuer.

kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple-issuer-rbac.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: flow-schema-reader
+rules:
+  - apiGroups: ["flowcontrol.apiserver.k8s.io"]
+    resources: ["flowschemas", "prioritylevelconfigurations"]
+    verbs: ["list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: grant-flow-schema-permission
+subjects:
+  - kind: ServiceAccount
+    name: dnsimple-issuer-cert-manager-webhook-dnsimple
+    namespace: cert-manager
+roleRef:
+  kind: ClusterRole
+  name: flow-schema-reader
+  apiGroup: rbac.authorization.k8s.io

kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml

@@ -6,4 +6,5 @@ resources:
   - ./externalsecret.yaml
   - ./issuer-letsencrypt-prod.yaml
   - ./issuer-letsencrypt-staging.yaml
+  - ./dnsimple-issuer-rbac.yaml
   - ./helmrelease.yaml

kubernetes/apps/security/external-secrets/ks.yaml

@@ -25,10 +25,6 @@ spec:
   sourceRef:
     kind: GitRepository
     name: valinor
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
   wait: true
   dependsOn:
     - name: cluster-apps-external-secrets