[ATMOSPHERE-303] fix: set variables for cluster issuer name for keycl… (#1705)

…oak and kube-prom-stack (#1676)
…-stack
Reviewed-by: Giovanni Tirloni
Reviewed-by: Mohammed Naser mnaser@vexxhost.com
Reviewed-by: Oleksandr K.
diff --git a/doc/source/deploy/certificates.rst b/doc/source/deploy/certificates.rst
index 7d77d1b..2e04abb 100644
--- a/doc/source/deploy/certificates.rst
+++ b/doc/source/deploy/certificates.rst
@@ -299,12 +299,13 @@
 to configure the certificate values.
 
 In order to apply these annotations to all ingresses managed by Atmosphere, you
-can use the ``ingress_global_annotations`` variable in your inventory which will
-apply the annotations to all ingresses.
+can use the ``atmosphere_ingress_annotations`` variable in your inventory which will
+apply the annotations to all ingresses. ``ingress_global_annotations`` variable is
+deprecated.
 
 .. code-block:: yaml
 
-  ingress_global_annotations:
+  atmosphere_ingress_annotations:
     cert-manager.io/subject-organizations: VEXXHOST, Inc.
     cert-manager.io/subject-organizationalunits: Cloud Infrastructure
     cert-manager.io/subject-localities: Montreal
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index 6a4fc87..c1c8063 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -17,6 +17,7 @@
 # Ingress
 atmosphere_ingress_class_name: atmosphere
 atmosphere_ingress_cluster_issuer: atmosphere
+atmosphere_ingress_annotations: {}
 
 # Network backend
 atmosphere_network_backend: openvswitch
diff --git a/roles/ingress/defaults/main.yml b/roles/ingress/defaults/main.yml
index 70855a7..05a2cc3 100644
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@@ -32,9 +32,9 @@
 #               the ingress role to pass annotations to the
 #               Ingress resource.  You should use role-specific
 #               variable to pass annotations or use the
-#               ingress_global_annotations variable to apply
+#               ingress_default_annotations variable to apply
 #               annotations to all Ingress resources.
 ingress_annotations: {}
 
-# List of annotations to apply to all Ingress resources
-ingress_global_annotations: {}
+# List of annotations to apply to all Ingress resources as default
+ingress_default_annotations: "{{ ingress_global_annotations | default(atmosphere_ingress_annotations) }}"
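Review bot: The fallback on the new `ingress_default_annotations` line uses `default()`, which only fires when `ingress_global_annotations` is undefined, so an inventory that still sets the deprecated variable (even to `{}`) makes this role ignore `atmosphere_ingress_annotations` entirely. The kube_prometheus_stack vars changed in this same commit read only `atmosphere_ingress_annotations`, so the two names end up applying to different sets of ingresses, which matters when they carry cert-manager subject or issuer settings. Merging both would keep them consistent during the deprecation window: `ingress_default_annotations: "{{ atmosphere_ingress_annotations | combine(ingress_global_annotations | default({}), recursive=True) }}"`. This assumes `atmosphere_ingress_annotations` from roles/defaults is always in scope for the ingress role, which is not visible here.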
diff --git a/roles/ingress/templates/ingress.yml.j2 b/roles/ingress/templates/ingress.yml.j2
index a06bc1d..04135bc 100644
--- a/roles/ingress/templates/ingress.yml.j2
+++ b/roles/ingress/templates/ingress.yml.j2
@@ -5,8 +5,8 @@
   namespace: {{ ingress_namespace | default('default') }}

   annotations:

     cert-manager.io/common-name: {{ ingress_host }}

-{% if (ingress_annotations|length) > 0 or (ingress_global_annotations|length) > 0 %}

-    {{ ingress_annotations | combine(ingress_global_annotations, recursive=True) | to_nice_yaml | indent(4) }}

+{% if (ingress_annotations|length) > 0 or (ingress_default_annotations|length) > 0 %}

+    {{ ingress_annotations | combine(ingress_default_annotations, recursive=True) | to_nice_yaml | indent(4) }}

 {% endif %}

 spec:

   ingressClassName: {{ ingress_class_name }}
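Review bot: In the added `combine(...)` line the dictionary now called `ingress_default_annotations` is the right-hand operand, so on a key conflict it overrides the role-specific `ingress_annotations` rather than acting as a default. Since this commit makes `cert-manager.io/cluster-issuer` configurable per service, an issuer key placed in the global annotations would silently replace the per-service issuer on every ingress rendered by this template. If that override is intended, the variable's comment in roles/ingress/defaults/main.yml should say so, for example `# NOTE: these win over role-specific ingress_annotations on key conflicts`. If the new name reflects the intent, swap the operands: `{{ ingress_default_annotations | combine(ingress_annotations, recursive=True) | to_nice_yaml | indent(4) }}`.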

diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 02704aa..324ab43 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -22,6 +22,7 @@
 keycloak_host: "{{ undef('You must specify a Keycloak host using keycloak_host') }}"
 keycloak_ingress_annotations: {}
 keycloak_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+keycloak_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"
 
 keycloak_admin_username: admin
 keycloak_admin_password: "{{ undef(hint='You must specify a Keycloak admin password using keycloak_admin_password') }}"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 5c65bd3..b90875b 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -88,7 +88,7 @@
     ingress_service_port: 80
     ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
     ingress_annotations:
-      cert-manager.io/cluster-issuer: atmosphere
+      cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
 
 - name: Enable pxc strict mode
   run_once: true
diff --git a/roles/kube_prometheus_stack/defaults/main.yml b/roles/kube_prometheus_stack/defaults/main.yml
index dfd4ee9..fda7a49 100644
--- a/roles/kube_prometheus_stack/defaults/main.yml
+++ b/roles/kube_prometheus_stack/defaults/main.yml
@@ -20,6 +20,9 @@
 kube_prometheus_stack_helm_values: {}
 
 kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+kube_prometheus_stack_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"
+kube_prometheus_stack_ingress_annotations:
+  cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
 
 kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana password using kube_prometheus_stack_grafana_admin_password') }}"
 
diff --git a/roles/kube_prometheus_stack/vars/main.yml b/roles/kube_prometheus_stack/vars/main.yml
index 26755c3..1ea150a 100644
--- a/roles/kube_prometheus_stack/vars/main.yml
+++ b/roles/kube_prometheus_stack/vars/main.yml
@@ -75,8 +75,7 @@
       enabled: true
       servicePort: 8081
       ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
-      annotations:
-        cert-manager.io/cluster-issuer: atmosphere
+      annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
       hosts:
         - "{{ kube_prometheus_stack_alertmanager_host }}"
       tls:
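Review bot: The `cert-manager.io/cluster-issuer` annotation for these ingresses now comes only from the overridable default `kube_prometheus_stack_ingress_annotations`, so an inventory that sets that variable to add one unrelated annotation replaces the whole mapping and drops the issuer. The alertmanager ingress here, and the grafana and prometheus ingresses in the two later hunks of this file, would then be rendered without an issuer annotation, and cert-manager would likely not issue their TLS certificates unless a default issuer is configured elsewhere. Keeping the issuer out of the user-facing dict avoids that: `annotations: "{{ {'cert-manager.io/cluster-issuer': kube_prometheus_stack_ingress_cluster_issuer} | combine(kube_prometheus_stack_ingress_annotations, atmosphere_ingress_annotations, recursive=True) }}"`, with the default of `kube_prometheus_stack_ingress_annotations` reduced to `{}`. The enclosing ingress mapping starts and ends outside the hunk.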
@@ -182,8 +181,7 @@
     ingress:
       enabled: true
       ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
-      annotations:
-        cert-manager.io/cluster-issuer: atmosphere
+      annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
       hosts:
         - "{{ kube_prometheus_stack_grafana_host }}"
       tls:
@@ -301,8 +299,7 @@
       enabled: true
       servicePort: 8081
       ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
-      annotations:
-        cert-manager.io/cluster-issuer: atmosphere
+      annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
       hosts:
         - "{{ kube_prometheus_stack_prometheus_host }}"
       tls: