fix(manila): switch to pubkey auth
diff --git a/release-please-config.json b/release-please-config.json
index ac4fb3c..6cf3256 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -4,6 +4,7 @@
       "release-type": "python",
       "draft": true,
       "extra-files": [
+        "roles/defaults/defaults/main.yml",
         "galaxy.yml"
       ]
     }
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index c2f7d58..082c1ed 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -1,3 +1,19 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+atmosphere_version: 1.1.0 # x-release-please-version
+
 # Ingress
 atmosphere_ingress_class_name: atmosphere
 atmosphere_ingress_cluster_issuer: atmosphere
diff --git a/roles/manila/defaults/main.yml b/roles/manila/defaults/main.yml
index aaaf37d..ef67bad 100644
--- a/roles/manila/defaults/main.yml
+++ b/roles/manila/defaults/main.yml
@@ -26,10 +26,13 @@
 manila_flavor_name: m1.manila
 manila_flavor_vcpus: 2
 manila_flavor_ram: 2048
-manila_flavor_disk: 0
+manila_flavor_disk: 20
 
-# Service instance Image
+# Service instance image
 manila_image_name: manila-service-image
-manila_image_url: https://tarballs.opendev.org/openstack/manila-image-elements/images/manila-service-image-master.qcow2
+manila_image_url: "https://object-storage.public.mtl1.vexxhost.net/swift/v1/b98c5fdfb9be4e39a34b93d0b425ac2b/atmosphere-images/manila-{{ atmosphere_version }}.qcow2" # noqa yaml[line-length]
 manila_image_container_format: bare
-manila_image_disk_format: raw
+manila_image_disk_format: qcow2
+
+# Service instance authentication
+manila_ssh_key: "{{ undef('You must provide a private SSH key using manila_ssh_key') }}"
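Review bot: The new `manila_image_url` default fetches the service image by URL alone, and nothing in this hunk pins a digest for the qcow2 that will boot as the Manila share server. The path is versioned through `atmosphere_version`, but an object-storage key can be overwritten, so the same URL is not guaranteed to return the same bytes. If the task that downloads the image (not part of this diff) accepts a checksum, add a matching default next to the URL. Otherwise document the gap with a comment such as `# NOTE: image is fetched by URL only; verify its checksum out of band or mirror it to storage you control.`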
diff --git a/roles/manila/tasks/generate_public_key.yml b/roles/manila/tasks/generate_public_key.yml
new file mode 100644
index 0000000..290b075
--- /dev/null
+++ b/roles/manila/tasks/generate_public_key.yml
@@ -0,0 +1,58 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate public key for SSH private key
+  become: false
+  delegate_to: localhost
+  block:
+    - name: Generate temporary file for SSH public key
+      changed_when: false
+      ansible.builtin.tempfile:
+        state: file
+        prefix: manila_ssh_key_
+      register: _manila_ssh_key_tempfile
+    # NOTE(mnaser): It's important to add a trailing newline at the end of this
+    #               string or else `ssh-keygen` will not be happy.
+    - name: Write contents of current private SSH key
+      changed_when: false
+      ansible.builtin.copy:
+        dest: "{{ _manila_ssh_key_tempfile.path }}"
+        content: "{{ manila_ssh_key }}\n"
+        mode: "0600"
+    - name: Generate public key for SSH private key
+      changed_when: false
+      community.crypto.openssh_keypair:
+        path: "{{ _manila_ssh_key_tempfile.path }}"
+        regenerate: never
+      register: _manila_ssh_publickey
+  always:
+    - name: Delete temporary file for public SSH key
+      changed_when: false
+      ansible.builtin.file:
+        path: "{{ _manila_ssh_key_tempfile.path }}"
+        state: absent
+
+- name: Create secret with the SSH keys
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: "{{ manila_helm_release_name }}-ssh-keys"
+        namespace: "{{ manila_helm_release_namespace }}"
+      type: Opaque
+      data:
+        id_rsa: "{{ manila_ssh_key | b64encode }}"
+        id_rsa.pub: "{{ _manila_ssh_publickey.public_key | b64encode }}"
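Review bot: Neither `Write contents of current private SSH key` nor `Create secret with the SSH keys` sets `no_log: true`, so the private key (raw or base64-encoded) can end up in controller output or logs when the play runs with `--diff` or raised verbosity, since the k8s module returns the resource it applied. Add `no_log: true` to both tasks. Separately, `community.crypto.openssh_keypair` likely writes a `.pub` file beside the temp path, which the `always:` section does not remove. A second `ansible.builtin.file` entry for `"{{ _manila_ssh_key_tempfile.path }}.pub"` with `state: absent` would clean it up.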
diff --git a/roles/manila/tasks/main.yml b/roles/manila/tasks/main.yml
index 067a66a..ea9f188 100644
--- a/roles/manila/tasks/main.yml
+++ b/roles/manila/tasks/main.yml
@@ -16,6 +16,10 @@
   ansible.builtin.import_tasks:
     file: generate_resources.yml
 
+- name: Generate public key for SSH private key
+  ansible.builtin.import_tasks:
+    file: generate_public_key.yml
+
 - name: Deploy Helm chart
   run_once: true
   kubernetes.core.helm:
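Review bot: The new import of `generate_public_key.yml` has no `run_once: true`, while the `Deploy Helm chart` task directly below it does. If the play targets more than one host, the private key would be written to a controller temp file and the Secret re-applied once per host, which multiplies the handling of key material for no benefit. Consider adding `run_once: true` to the import. The `Deploy Helm chart` task continues past the end of this hunk.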
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
index 456d41b..8667a14 100644
--- a/roles/manila/vars/main.yml
+++ b/roles/manila/vars/main.yml
@@ -17,11 +17,23 @@
   images:
     tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('manila') }}"
   pod:
+    mounts:
+      manila_share:
+        manila_share:
+          volumeMounts:
+            - name: ssh-keys
+              mountPath: /etc/manila/ssh-keys
+          volumes:
+            - name: ssh-keys
+              secret:
+                secretName: "{{ manila_helm_release_name }}-ssh-keys"
     replicas:
       api: 3
       scheduler: 3
   bootstrap:
-    enabled: false
+    structured:
+      flavors: null
+      images: null
   dependencies:
     static:
       share:
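Review bot: The `ssh-keys` Secret volume added under `pod.mounts.manila_share` sets no file mode and the mount is not marked read-only, so `id_rsa` presumably appears under `/etc/manila/ssh-keys` with the Kubernetes default mode (0644) and is readable by every process in the container. Consider `readOnly: true` on the volumeMount and a tighter `defaultMode` on the secret volume, for example `defaultMode: 0440`. The mode has to leave the key readable by the user manila-share runs as, and that user and any `fsGroup` are not visible in this hunk. The enclosing `pod:` mapping starts and ends outside the hunk.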
@@ -37,6 +49,8 @@
       generic:
         connect_share_server_to_tenant_network: true
         limit_ssh_access: true
+        path_to_private_key: /etc/manila/ssh-keys/id_rsa
+        path_to_public_key: /etc/manila/ssh-keys/id_rsa.pub
         service_image_name: "{{ manila_image_name }}"
         service_instance_flavor_id: "{{ _manila_flavor.id }}"
       oslo_messaging_no tifications: