feat: allow adding dns01 clusterissuers
diff --git a/roles/openstack_helm_ingress/defaults/main.yml b/roles/openstack_helm_ingress/defaults/main.yml
index ed23163..1a0aa95 100644
--- a/roles/openstack_helm_ingress/defaults/main.yml
+++ b/roles/openstack_helm_ingress/defaults/main.yml
@@ -19,3 +19,8 @@
 #
 # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
 # openstack_helm_ingress_secret_name: wildcard-certs
+
+# Domain to use to issue a wildcard certificate and use for all ingress objects,
+# this is useful when you want to use a single certificate for all services and
+# use DNS-01 challenge to issue the certificate.
+# openstack_helm_ingress_wildcard_domain: cloud.atmosphere.dev
diff --git a/roles/openstack_helm_ingress/tasks/main.yml b/roles/openstack_helm_ingress/tasks/main.yml
index d373513..12822ea 100644
--- a/roles/openstack_helm_ingress/tasks/main.yml
+++ b/roles/openstack_helm_ingress/tasks/main.yml
@@ -12,6 +12,30 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+- name: Create wildcard certificate
+  run_once: true
+  when: openstack_helm_ingress_wildcard_domain is defined
+  block:
+    - name: Create certificate
+      kubernetes.core.k8s:
+        state: present
+        definition:
+          apiVersion: cert-manager.io/v1
+          kind: Certificate
+          metadata:
+            name: atmosphere-wildcard
+            namespace: openstack
+          spec:
+            secretName: atmosphere-wildcard
+            issuerRef:
+              kind: ClusterIssuer
+              name: "{{ openstack_helm_ingress_cluster_issuer }}"
+            dnsNames:
+              - "*.{{ openstack_helm_ingress_wildcard_domain }}"
+    - name: Set fact with wildcard certificate
+      ansible.builtin.set_fact:
+        openstack_helm_ingress_secret_name: atmosphere-wildcard
+
 - name: Add ClusterIssuer annotations
   ansible.builtin.set_fact:
     _openstack_helm_ingress_annotations: "{{ _openstack_helm_ingress_annotations | combine(annotations, recursive=True) }}"