[role:cert-manager] Add self-signed issuer and certificate For a private PKI, created a custom root certificate using self-signed clusterIssuer. To use this for openstack endpoints, need to set variable `cert_manager_issuer` as following; cert_manager_issuer: ca: secretName: root-secret Sem-Ver: feature Change-Id: Ie8f46173f7951c141053ad3cf80a5d8926c95724

commit: 05a72edc9e99e34cd954a024f1255dec3a26c5fd [log] [tgz]
author: okozachenko <okozachenko1203@gmail.com> Tue Apr 12 23:01:43 2022 +1000
committer: okozachenko <okozachenko1203@gmail.com> Mon Apr 18 17:40:37 2022 +1000
tree: 6bb053c993b54039db9bf48154e52c00fc7057f0
parent: 740dca943ffe59c8e240172e953a90d0c980c1e9 [diff] [blame]
diff --git a/roles/cert_manager/defaults/main.yml b/roles/cert_manager/defaults/main.yml
index 508c527..40c504f 100644
--- a/roles/cert_manager/defaults/main.yml
+++ b/roles/cert_manager/defaults/main.yml

@@ -20,6 +20,7 @@
 # .. envvar:: cert_manager_issuer [[[
 #
 # Definition for the ``cert-manager`` issuer
+# To use self-signed CA certificate, set cert_manager_issuer.ca.secretName as root-secret.
 cert_manager_issuer:
   acme:
     email: mnaser@vexxhost.com
commit	05a72edc9e99e34cd954a024f1255dec3a26c5fd	[log] [tgz]
author	okozachenko <okozachenko1203@gmail.com>	Tue Apr 12 23:01:43 2022 +1000
committer	okozachenko <okozachenko1203@gmail.com>	Mon Apr 18 17:40:37 2022 +1000
tree	6bb053c993b54039db9bf48154e52c00fc7057f0
parent	740dca943ffe59c8e240172e953a90d0c980c1e9 [diff] [blame]