Revert "feat(tls): Change Issuer to ClusterIssuer"

This reverts commit 43e75eaa83.

Reason for revert: Doing this as part of the revert here - https://review.opendev.org/c/openstack/openstack-helm-infra/+/772733

Change-Id: I9c04a35c179d23ec1b7612b4f87d9d16352985cc

cinder/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.1.7
+version: 0.1.8
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:

cinder/values_overrides/tls.yaml

@@ -97,7 +97,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https
@@ -111,7 +110,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https
@@ -125,7 +123,6 @@ endpoints:
           secretName: cinder-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       internal: https

glance/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.1.2
+version: 0.1.3
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:

glance/values_overrides/tls.yaml

@@ -92,7 +92,6 @@ endpoints:
           secretName: glance-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https
@@ -106,7 +105,6 @@ endpoints:
           secretName: glance-tls-reg
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https

heat/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.1.3
+version: 0.1.4
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:

heat/values_overrides/tls.yaml

@@ -144,7 +144,6 @@ endpoints:
           secretName: heat-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -157,7 +156,6 @@ endpoints:
           secretName: heat-tls-cfn
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -171,7 +169,7 @@ endpoints:
           secretName: heat-tls-cloudwatch
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
   ingress:
     port:
       ingress:

horizon/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:

horizon/values_overrides/tls.yaml

@@ -93,7 +93,6 @@ endpoints:
           secretName: horizon-tls-web
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
       public: https

keystone/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:

keystone/values_overrides/tls.yaml

@@ -68,7 +68,7 @@ endpoints:
           secretName: keystone-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
     scheme:
       default: https
       public: https

neutron/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.1.7
+version: 0.1.8
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:

neutron/values_overrides/tls.yaml

@@ -117,7 +117,6 @@ endpoints:
           secretName: neutron-tls-server
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:

nova/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.1.8
+version: 0.1.9
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:

nova/values_overrides/tls.yaml

@@ -171,7 +171,6 @@ endpoints:
           secretName: nova-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: 'https'
     port:
@@ -184,7 +183,6 @@ endpoints:
           secretName: metadata-tls-metadata
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -197,7 +195,6 @@ endpoints:
           secretName: nova-novncproxy-tls-proxy
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:
@@ -210,7 +207,6 @@ endpoints:
           secretName: nova-tls-spiceproxy
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
   placement:
@@ -220,7 +216,6 @@ endpoints:
           secretName: placement-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:

placement/Chart.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.1.5
+version: 0.1.6
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:

placement/values_overrides/tls.yaml

@@ -68,7 +68,6 @@ endpoints:
           secretName: placement-tls-api
           issuerRef:
             name: ca-issuer
-            kind: ClusterIssuer
     scheme:
       default: https
     port:

tools/scripts/tls/cert-manager.sh

@@ -2,7 +2,7 @@
 
 set -eux
 
-: ${CERT_MANAGER_VERSION:="v1.1.0"}
+: ${CERT_MANAGER_VERSION:="v0.15.0"}
 
 cert_path="/etc/openstack-helm"
 ca_cert_root="$cert_path/certs/ca"
@@ -126,12 +126,14 @@ helm repo update
 helm install --name cert-manager --namespace cert-manager \
   --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
   --set installCRDs=true \
+  --set featureGates=ExperimentalCertificateControllers=true \
   --set extraArgs[0]="--enable-certificate-owner-ref=true"
 
 # helm 3 command
 # helm install cert-manager jetstack/cert-manager --namespace cert-manager \
 #   --version ${CERT_MANAGER_VERSION} \
 #   --set installCRDs=true \
+#.  --set featureGates=ExperimentalCertificateControllers=true \
 #   --set extraArgs[0]="--enable-certificate-owner-ref=true"
 
 helm repo remove jetstack
@@ -145,15 +147,16 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: ca-key-pair
-  namespace: cert-manager
+  namespace: openstack
 data:
   tls.crt: $crt
   tls.key: $key
 ---
-apiVersion: cert-manager.io/v1
+apiVersion: cert-manager.io/v1alpha3
-kind: ClusterIssuer
+kind: Issuer
 metadata:
   name: ca-issuer
+  namespace: openstack
 spec:
   ca:
     secretName: ca-key-pair