Automated Manifest Update (#2342)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2342 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
2025-12-10 00:19:03 +00:00
parent 648daeec0a
commit 81048e096c
1118 changed files with 29 additions and 1632 deletions
--- a/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/templates/cluster-issuer.yaml
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-cainjector.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-cainjector.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-cluster-view.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-cluster-view.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-approve:cert-manager-io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-approve:cert-manager-io.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-certificates.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-certificates.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Certificates controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -20,9 +18,6 @@ rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
    verbs: ["get", "list", "watch"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates/finalizers", "certificaterequests/finalizers"]
    verbs: ["update"]
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-certificatesigningrequests.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-certificatesigningrequests.yaml
@@ -1,8 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Permission to:
-# - Update and sign CertificateSigningRequests referencing cert-manager.io Issuers and ClusterIssuers
-# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-challenges.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-challenges.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Challenges controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -14,27 +12,21 @@ metadata:
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.19.1
 rules:
-  # Use to update challenge resource status
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges", "challenges/status"]
    verbs: ["update", "patch"]
-  # Used to watch challenge resources
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges"]
    verbs: ["get", "list", "watch"]
-  # Used to watch challenges, issuer and clusterissuer resources
  - apiGroups: ["cert-manager.io"]
    resources: ["issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
-  # Need to be able to retrieve ACME account private key to complete challenges
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
-  # Used to create events
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
-  # HTTP01 rules
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list", "watch", "create", "delete"]
@@ -44,19 +36,12 @@ rules:
  - apiGroups: ["gateway.networking.k8s.io"]
    resources: ["httproutes"]
    verbs: ["get", "list", "watch", "create", "delete", "update"]
-  # We require the ability to specify a custom hostname when we are creating
-  # new ingress resources.
-  # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
  - apiGroups: ["route.openshift.io"]
    resources: ["routes/custom-host"]
    verbs: ["create"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges/finalizers"]
    verbs: ["update"]
-  # DNS01 rules (duplicated above)
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-clusterissuers.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-clusterissuers.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# ClusterIssuer controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-ingress-shim.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-ingress-shim.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# ingress-shim controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -23,9 +21,6 @@ rules:
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses/finalizers"]
    verbs: ["update"]
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-issuers.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-issuers.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Issuer controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-orders.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-controller-orders.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# Orders controller role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -26,9 +24,6 @@ rules:
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges"]
    verbs: ["create", "delete"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders/finalizers"]
    verbs: ["update"]
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-edit.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-edit.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-view.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-view.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-webhook:subjectaccessreviews.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRole-cert-manager-webhook:subjectaccessreviews.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-cainjector.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-cainjector.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-approve:cert-manager-io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-approve:cert-manager-io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-certificates.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-certificates.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-certificatesigningrequests.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-certificatesigningrequests.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-challenges.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-challenges.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-clusterissuers.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-clusterissuers.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-ingress-shim.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-ingress-shim.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-issuers.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-issuers.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-orders.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-controller-orders.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-webhook:subjectaccessreviews.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ClusterRoleBinding-cert-manager-webhook:subjectaccessreviews.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-certificaterequests.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-certificaterequests.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-cert-manager.io_certificaterequests.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-certificates.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-certificates.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-cert-manager.io_certificates.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-challenges.acme.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-challenges.acme.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-acme.cert-manager.io_challenges.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-clusterissuers.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-clusterissuers.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-cert-manager.io_clusterissuers.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-issuers.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-issuers.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-cert-manager.io_issuers.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-orders.acme.cert-manager.io.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/CustomResourceDefinition-orders.acme.cert-manager.io.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/crd-acme.cert-manager.io_orders.yaml
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager-cainjector.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager-cainjector.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager-webhook.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager-webhook.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -66,9 +65,6 @@ spec:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
-          # LivenessProbe settings are based on those used for the Kubernetes
-          # controller-manager. See:
-          # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245
          livenessProbe:
            httpGet:
              port: http-healthz
--- a/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/templates/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Job-cert-manager-startupapicheck.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Job-cert-manager-startupapicheck.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/startupapicheck-job.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/MutatingWebhookConfiguration-cert-manager-webhook.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/MutatingWebhookConfiguration-cert-manager-webhook.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-mutating-webhook.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -26,13 +25,9 @@ webhooks:
        resources:
          - "certificaterequests"
    admissionReviewVersions: ["v1"]
-    # This webhook only accepts v1 cert-manager resources.
-    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
-    # this webhook (after the resources have been converted to v1).
    matchPolicy: Equivalent
    timeoutSeconds: 30
    failurePolicy: Fail
-    # Only include 'sideEffects' field in Kubernetes 1.12+
    sideEffects: None
    clientConfig:
      service:
--- a/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-cainjector:leaderelection.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-cainjector:leaderelection.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-rbac.yaml
-# leader election rules
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -15,11 +13,6 @@ metadata:
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.19.1
 rules:
-  # Used for leader election by the controller
-  # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
-  #   see cmd/cainjector/start.go#L113
-  # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
-  #   see cmd/cainjector/start.go#L137
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
--- a/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-startupapicheck:create-cert.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-startupapicheck:create-cert.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/startupapicheck-rbac.yaml
-# create certificate role
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-tokenrequest.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-tokenrequest.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-webhook:dynamic-serving.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Role-cert-manager-webhook:dynamic-serving.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -19,7 +18,6 @@ rules:
    resourceNames:
      - 'cert-manager-webhook-ca'
    verbs: ["get", "list", "watch", "update"]
-  # It's not possible to grant CREATE permission on a single resourceName.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
--- a/clusters/cl01tl/manifests/cert-manager/Role-cert-manager:leaderelection.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Role-cert-manager:leaderelection.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-cainjector:leaderelection.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-cainjector:leaderelection.yaml
@@ -1,7 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-rbac.yaml
-# grant cert-manager permission to manage the leaderelection configmap in the
-# leader election namespace
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-startupapicheck:create-cert.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-startupapicheck:create-cert.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/startupapicheck-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-tokenrequest.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-tokenrequest.yaml
@@ -1,6 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# grant cert-manager permission to create tokens for the serviceaccount
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-webhook:dynamic-serving.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager-webhook:dynamic-serving.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager:leaderelection.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/RoleBinding-cert-manager:leaderelection.yaml
@@ -1,7 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/rbac.yaml
-# grant cert-manager permission to manage the leaderelection configmap in the
-# leader election namespace
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Service-cert-manager-cainjector.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Service-cert-manager-cainjector.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Service-cert-manager-webhook.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Service-cert-manager-webhook.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/Service-cert-manager.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/Service-cert-manager.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-cainjector.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-cainjector.yaml
@@ -1,5 +1,3 @@
---
-# Source: cert-manager/charts/cert-manager/templates/cainjector-serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: true
--- a/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-startupapicheck.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-startupapicheck.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: true
--- a/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-webhook.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager-webhook.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: true
--- a/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ServiceAccount-cert-manager.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: true
--- a/clusters/cl01tl/manifests/cert-manager/ServiceMonitor-cert-manager.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ServiceMonitor-cert-manager.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
--- a/clusters/cl01tl/manifests/cert-manager/ValidatingWebhookConfiguration-cert-manager-webhook.yaml
+++ b/clusters/cl01tl/manifests/cert-manager/ValidatingWebhookConfiguration-cert-manager-webhook.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: cert-manager/charts/cert-manager/templates/webhook-validating-webhook.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
@@ -34,9 +33,6 @@ webhooks:
        resources:
          - "*/*"
    admissionReviewVersions: ["v1"]
-    # This webhook only accepts v1 cert-manager resources.
-    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
-    # this webhook (after the resources have been converted to v1).
    matchPolicy: Equivalent
    timeoutSeconds: 30
    failurePolicy: Fail