amcginlay/policy.yaml

## policy.yaml
---
apiVersion: policy.cert-manager.io/v1alpha1
kind: CertificateRequestPolicy
metadata:
  name: accept-all
spec:
  allowed:
    dnsNames:
      values:
      - "*"
  selector:
    issuerRef:
      name: "*"
      kind: "*Issuer"
      group: cert-manager.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager-policy:accept-all
rules:
  - apiGroups: ["policy.cert-manager.io"]
    resources: ["certificaterequestpolicies"]
    verbs: ["use"]
    resourceNames: ["accept-all"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cert-manager-policy:accept-all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-policy:accept-all
subjects:
- kind: ServiceAccount
  name: cert-manager
  namespace: jetstack-secure
	---
	apiVersion: policy.cert-manager.io/v1alpha1
	kind: CertificateRequestPolicy
	metadata:
	name: accept-all
	spec:
	allowed:
	dnsNames:
	values:
	- "*"
	selector:
	issuerRef:
	name: "*"
	kind: "*Issuer"
	group: cert-manager.io
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: cert-manager-policy:accept-all
	rules:
	- apiGroups: ["policy.cert-manager.io"]
	resources: ["certificaterequestpolicies"]
	verbs: ["use"]
	resourceNames: ["accept-all"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: cert-manager-policy:accept-all
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: cert-manager-policy:accept-all
	subjects:
	- kind: ServiceAccount
	name: cert-manager
	namespace: jetstack-secure