From 8bcf781b4ee07361ebd2a3b3292c3eaece5db4f9 Mon Sep 17 00:00:00 2001
From: "A. F. Dudley" <a.frederick.dudley@gmail.com>
Date: Tue, 20 Jan 2026 06:27:00 -0500
Subject: [PATCH] Add secrets create/update/delete permissions for Caddy

Caddy needs to create and manage secrets for storing TLS certificates
obtained via ACME (Let's Encrypt).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../ingress/ingress-caddy-kind-deploy.yaml           | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml b/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
index 4247da69..632dcc05 100644
--- a/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
+++ b/stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml
@@ -33,13 +33,23 @@ rules:
       - endpoints
       - nodes
       - pods
-      - secrets
       - namespaces
       - services
     verbs:
       - list
       - watch
       - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+      - get
+      - create
+      - update
+      - delete
   - apiGroups:
       - ""
     resources: