chore: switch to clusterissuer
diff --git a/roles/atmosphere/templates/cluster_role.yml b/roles/atmosphere/templates/cluster_role.yml
index 2a0d447..2b4cc2b 100644
--- a/roles/atmosphere/templates/cluster_role.yml
+++ b/roles/atmosphere/templates/cluster_role.yml
@@ -5,6 +5,10 @@
name: atmosphere
rules:
- apiGroups: [""]
+ resources: ["namespaces", "services", "configmaps", "secrets"]
+ verbs: ["get", "create", "patch"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
resources: ["namespaces", "services"]
verbs: ["get", "create", "patch"]
- apiGroups: ["source.toolkit.fluxcd.io"]
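Review bot: Adding `secrets` and `configmaps` to the core-group rule of this ClusterRole widens `get`/`create`/`patch` on Secrets from the `openstack` namespace (the rule this commit removes from role.yml) to every namespace, assuming the role is bound through a ClusterRoleBinding, which is not visible here. If the only Secret needed outside `openstack` is the CA secret in `cert-manager`, a namespaced Role there with `resources: ["secrets"]` would keep the previous blast radius. Separately, as this hunk reads, the new `networking.k8s.io` rule ends up with two `resources:` keys (`["ingresses"]` followed by the retained `["namespaces", "services"]`). Most YAML parsers keep the last duplicate, so the ingress permission would be silently dropped; it is worth checking the rendered file.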
@@ -13,3 +17,9 @@
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: ["helmreleases"]
verbs: ["get", "create", "patch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "clusterissuers"]
+ verbs: ["get", "create", "patch"]
+ - apiGroups: ["ceph.rook.io"]
+ resources: ["cephclusters", "cephobjectstores"]
+ verbs: ["get", "create", "patch"]
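Review bot: The new `cert-manager.io` rule grants `create`/`patch` on `certificates` cluster-wide alongside `clusterissuers`, so the bound identity can request certificates in any namespace from the cluster CA and can also modify the issuer definition. `clusterissuers` is cluster-scoped and has to live in a ClusterRole, but `certificates` is a namespaced resource and could stay in the `openstack` Role, where role.yml had it before this commit. The same question applies to `cephclusters` and `cephobjectstores` if they are only ever created in a single namespace. If the cluster-wide scope is intentional, a comment on the rule such as `# certificates are created in <namespaces>; hence ClusterRole` would record why.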
diff --git a/roles/atmosphere/templates/role.yml b/roles/atmosphere/templates/role.yml
index 1a0a38e..21040ab 100644
--- a/roles/atmosphere/templates/role.yml
+++ b/roles/atmosphere/templates/role.yml
@@ -5,15 +5,9 @@
namespace: openstack
name: atmosphere
rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "create", "patch"]
- apiGroups: ["pxc.percona.com"]
resources: ["perconaxtradbclusters"]
verbs: ["get", "create", "patch"]
- apiGroups: ["rabbitmq.com"]
resources: ["rabbitmqclusters"]
verbs: ["get", "create", "patch"]
- - apiGroups: ["cert-manager.io"]
- resources: ["certificates", "issuers"]
- verbs: ["get", "create", "patch"]
diff --git a/roles/certificates/tasks/main.yml b/roles/certificates/tasks/main.yml
index 72ed046..4cdb916 100644
--- a/roles/certificates/tasks/main.yml
+++ b/roles/certificates/tasks/main.yml
@@ -22,7 +22,7 @@
api_version: v1
kind: Secret
name: "{{ (atmosphere_issuer_config.type == 'self-signed') | ternary('cert-manager-selfsigned-ca', 'cert-manager-issuer-ca') }}"
- namespace: openstack
+ namespace: cert-manager
wait: true
wait_sleep: 1
wait_timeout: 300
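Review bot: The wait now targets a hard-coded `namespace: cert-manager`, which is only correct while cert-manager runs with its default cluster resource namespace. A ClusterIssuer resolves its CA secret from the namespace set by the controller's `--cluster-resource-namespace` flag. A short comment above the line, such as `# ClusterIssuer secrets are read from cert-manager's cluster resource namespace`, or a role variable in place of the literal, would make that dependency explicit. The task begins above the hunk, so how the secret is created is not visible here.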
diff --git a/roles/openstack_helm_ingress/vars/main.yml b/roles/openstack_helm_ingress/vars/main.yml
index a000c50..4c860cf 100644
--- a/roles/openstack_helm_ingress/vars/main.yml
+++ b/roles/openstack_helm_ingress/vars/main.yml
@@ -13,7 +13,7 @@
# under the License.
_openstack_helm_ingress_annotations:
- cert-manager.io/issuer: openstack
+ cert-manager.io/cluster-issuer: atmosphere
_openstack_helm_ingress_paths: "{{ openstack_helm_ingress_paths + __openstack_helm_ingress_paths }}"
__openstack_helm_ingress_paths:
diff --git a/roles/openstack_helm_octavia/tasks/main.yml b/roles/openstack_helm_octavia/tasks/main.yml
index dce8c18..14001e1 100644
--- a/roles/openstack_helm_octavia/tasks/main.yml
+++ b/roles/openstack_helm_octavia/tasks/main.yml
@@ -156,7 +156,7 @@
size: 256
issuerRef:
name: self-signed
- kind: Issuer
+ kind: ClusterIssuer
group: cert-manager.io
- apiVersion: cert-manager.io/v1