feat: allow adding dns01 clusterissuers
diff --git a/roles/openstack_helm_ingress/defaults/main.yml b/roles/openstack_helm_ingress/defaults/main.yml
index ed23163..1a0aa95 100644
--- a/roles/openstack_helm_ingress/defaults/main.yml
+++ b/roles/openstack_helm_ingress/defaults/main.yml
@@ -19,3 +19,8 @@
#
# See: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
# openstack_helm_ingress_secret_name: wildcard-certs
+
+# Domain to use to issue a wildcard certificate and use for all ingress objects,
+# this is useful when you want to use a single certificate for all services and
+# use DNS-01 challenge to issue the certificate.
+# openstack_helm_ingress_wildcard_domain: cloud.atmosphere.dev
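Review bot: The new comment for `openstack_helm_ingress_wildcard_domain` does not mention that setting it replaces `openstack_helm_ingress_secret_name`, documented just above, with `atmosphere-wildcard`. That override is what the `set_fact` added in tasks/main.yml does, so an operator who sets both variables gets the wildcard secret without being told. The comment should also say that the ClusterIssuer must have a DNS-01 solver, and that every ingress object then shares one certificate and private key. A suggested extra line is `# Setting this overrides openstack_helm_ingress_secret_name; the ClusterIssuer must have a DNS-01 solver configured.`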
diff --git a/roles/openstack_helm_ingress/tasks/main.yml b/roles/openstack_helm_ingress/tasks/main.yml
index d373513..12822ea 100644
--- a/roles/openstack_helm_ingress/tasks/main.yml
+++ b/roles/openstack_helm_ingress/tasks/main.yml
@@ -12,6 +12,30 @@
# License for the specific language governing permissions and limitations
# under the License.
+- name: Create wildcard certificate
+ run_once: true
+ when: openstack_helm_ingress_wildcard_domain is defined
+ block:
+ - name: Create certificate
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ name: atmosphere-wildcard
+ namespace: openstack
+ spec:
+ secretName: atmosphere-wildcard
+ issuerRef:
+ kind: ClusterIssuer
+ name: "{{ openstack_helm_ingress_cluster_issuer }}"
+ dnsNames:
+ - "*.{{ openstack_helm_ingress_wildcard_domain }}"
+ - name: Set fact with wildcard certificate
+ ansible.builtin.set_fact:
+ openstack_helm_ingress_secret_name: atmosphere-wildcard
+
- name: Add ClusterIssuer annotations
ansible.builtin.set_fact:
_openstack_helm_ingress_annotations: "{{ _openstack_helm_ingress_annotations | combine(annotations, recursive=True) }}"
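Review bot: The `Create certificate` task does not wait for issuance, yet the `set_fact` that follows points `openstack_helm_ingress_secret_name` at `atmosphere-wildcard` regardless of whether the secret exists. A wildcard name can only be validated through DNS-01, so if the ClusterIssuer named by `openstack_helm_ingress_cluster_issuer` has no such solver, the ingress objects would presumably reference a secret that never appears. Adding `wait: true` and `wait_condition: {type: Ready, status: "True"}` to the `kubernetes.core.k8s` task would surface that failure during the play. The `when:` guard also tests only `is defined`, so an empty value renders the dnsName `*.`; a condition such as `openstack_helm_ingress_wildcard_domain | default('') | length > 0` would reject it.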