Open
Description
Problem
"re-queuing item due to error processing" err="hetzner.acme.hetzner.com is forbidden: User \"system:serviceaccount:cert-manager:cert-manager\" cannot create resource \"hetzner\" in API group \"acme.hetzner.com\" at the cluster scope" logger="cert-manager.controller"
Suggested Fix
# Both values come from the denied request in the cert-manager log:
# resource "hetzner" in API group "acme.hetzner.com".
locals {
  # Resource name from the log; also reused as the object-name prefix and the `app` label.
  name = "hetzner"

  # API group from the log that the RBAC rule is scoped to.
  group = "acme.hetzner.com"
}
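# ClusterRole covering the request that the cert-manager log shows being
# rejected: creating the "hetzner" resource in API group "acme.hetzner.com"
# at cluster scope.
resource "kubernetes_cluster_role_v1" "cert-manager-link-up" {
  metadata {
    name = "${local.name}-cert-manager-link-up"
    labels = {
      app = local.name
    }
  }

  rule {
    # Scoped to one API group and one resource, so the role does not reach
    # anything else in the cluster.
    api_groups = [local.group]
    resources  = [local.name]

    # Least privilege: the logged denial is for "create" only, so grant that
    # verb instead of the "*" wildcard (which would also allow delete, patch,
    # deletecollection, ...). Add another verb only if a later denial names it.
    verbs = ["create"]
  }
}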
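# Binds the ClusterRole declared in this file to the ServiceAccount named in
# the error message (system:serviceaccount:cert-manager:cert-manager).
# This is a cluster-wide binding: keep the subject list to that one account.
resource "kubernetes_cluster_role_binding_v1" "cert-manager-link-up" {
  metadata {
    name = "${local.name}-cert-manager-link-up"
    labels = {
      app = local.name
    }
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    # Reference the role resource instead of repeating its name as a string:
    # the binding can then never point at a differently named role, and
    # Terraform creates the role before the binding.
    name = kubernetes_cluster_role_v1.cert-manager-link-up.metadata[0].name
  }

  subject {
    # ServiceAccount subjects live in the core API group, hence the empty string.
    api_group = ""
    kind      = "ServiceAccount"
    # Must match the account in the log line; adjust both values if
    # cert-manager runs under a different ServiceAccount or namespace.
    name      = "cert-manager"
    namespace = "cert-manager"
  }
}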