Work on OVH provider

templates/api-key-secret.yml.j2

@@ -10,5 +10,5 @@ data:
 {% elif item.provider == "route53" %}
   secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}"
 {% elif item.provider == "ovh" %}
-  applicationSecret='4YHU8g4zsg7Id'
+  applicationSecret='{{ cert_manager_issuer.applicationSecret | b64encode }}'
 {% endif %}

templates/cert-manager-webhook-ovh-Role.yml.j2

@@ -0,0 +1,10 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cert-manager-webhook-ovh:secret-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["ovh-api-key"]
+  verbs: ["get", "watch"]

templates/cert-manager-webhook-ovh-RoleBinding.yml.j2

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cert-manager-webhook-ovh:secret-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cert-manager-webhook-ovh:secret-reader
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: cert-manager-webhook-ovh

templates/clusterissuer.yml.j2

@@ -1,3 +1,4 @@
+---
 apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
@@ -31,14 +32,14 @@ spec:
               key: secret-access-key
 {% elif i.provider == "ovh" %}
         webhook:
-          groupName: 'acme.example.io'
+          groupName: '{{ i.consumerKey }}'
           solverName: ovh
           config:
             endpoint: ovh-eu
-            applicationKey: 'qdhYTYsd546Ssg5'
+            applicationKey: '{{ i.applicationKey }}'
             applicationSecretRef:
               name: ovh-api-key
               key: applicationSecret
-            consumerKey: 'vjdshGFDGShjusqqee4543dsjfndsjgf'
+            consumerKey: '{{ i.consumerKey }}'
 {% endif %}
 {% endfor %}