openstack_helm_ingress
If you have an existing wildcard certificate to use for all your endpoints with Atmosphere, you can simply configure it as follows;
Create a Kubernetes TLS secret using your wildcard certificate, you can refer to the Kubernetes documentation for more details.
kubectl -n openstack create secret tls wildcard-certs --key=/path/to/tls.key --cert=/path/to/tls.crt
Note
If you have a certificate that needs to be combined with an intermediate certificate, you can combine them all to a single file with the certificate first, followed by the intermediate certificate, followed by the root.
Update the openstack_helm_ingress_secret_name
to point towards the name of the secret you created in step 1.
openstack_helm_ingress_secret_name: wildcard-certs
Set cluster_issuer_type to none, this is required for other roles like for example Horizon.
cluster_issuer_type: none
Note
If you make this change after a deployment, you will need to re-run all of the playbooks in order to update all the
Ingress
resources.