fix(ingress): resolve merge conflict and merge RBAC/IngressClass configurations

Author: USHER-PB

ingress-controller/terraform/main.tf

@@ -109,6 +109,11 @@ resource "helm_release" "nginx_ingress" {
     value = "true"
   }
 
+  set {
+    name  = "controller.enableCustomResources"
+    value = "true"
+  }
+
   # Wait for the LoadBalancer to be ready
   wait    = true
   timeout = 600
@@ -142,6 +147,43 @@ resource "kubernetes_manifest" "ingress_class" {
   depends_on = [helm_release.nginx_ingress]
 }
 
+# ClusterRole extension for cert-manager and Ingress status
+resource "kubernetes_cluster_role" "nginx_ingress_extension" {
+  metadata {
+    name = "nginx-ingress-cert-manager-extension"
+  }
+
+  rule {
+    api_groups = ["cert-manager.io"]
+    resources  = ["certificates", "certificaterequests"]
+    verbs      = ["get", "list", "watch"]
+  }
+
+  rule {
+    api_groups = ["networking.k8s.io"]
+    resources  = ["ingresses/status"]
+    verbs      = ["update"]
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "nginx_ingress_extension" {
+  metadata {
+    name = "nginx-ingress-cert-manager-extension-binding"
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = kubernetes_cluster_role.nginx_ingress_extension.metadata[0].name
+  }
+
+  subject {
+    kind      = "ServiceAccount"
+    name      = "${var.release_name}-nginx-ingress"
+    namespace = var.namespace
+  }
+}
+
 # Explicit cleanup on destroy - removes IngressClass first, then namespace
 resource "null_resource" "namespace_cleanup" {
   count = var.install_nginx_ingress ? 1 : 0