Update role

templates/clusterissuer.yml.j2

@@ -2,28 +2,39 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
+  name: {{ item.name }}
 spec:
+{% if acme_provider is defined %}
   acme:
+{% if acme_provider == "letsencrypt" %}
     email: "{{ cert_manager_acme_email }}"
     server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      name: letsencrypt-prod-account-key
+      name: {{ item.name }}-account-key
+{% elif acme_provider == "zerossl" %}
+    server: https://acme.zerossl.com/v2/DV90
+    externalAccountBinding:
+      keyID: YOUR_EAB_KID
+      keySecretRef:
+        name: zero-sll-eabsecret
+        key: secret
+      keyAlgorithm: HS256
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: {{ item.name }}-prod
+{% endif %}
 
     solvers:
-{% for i in cert_manager_issuer %}
-    - selector:
-        dnsZones:
-          - "{{ i.domain }}"
-      {{ i.solver }}:
+{% for i in item %}
+    - {{ i.solver }}:
 {% if i.solver == "dns01" %}
-{% if i.provider == "cloudflare" %}
+{% if i.dns_provider == "cloudflare" %}
         cloudflare:
-          email: "{{ i.email }}"
+          email: "{{ i.cloudflare_email }}"
           apiKeySecretRef:
             name: cloudflare-api-key
             key: api-key
-{% elif i.provider == "route53" %}
+{% elif i.dns_provider == "route53" %}
         route53:
             region: us-west-3
             hostedZoneID: {{ route53_hostzoneid_exemplecom }}
@@ -31,7 +42,7 @@ spec:
             secretAccessKeySecretRef:
               name: route53-api-key
               key: secret-access-key
-{% elif i.provider == "ovh" %}
+{% elif i.dns_provider == "ovh" %}
         webhook:
           groupName: '{{ i.consumerKey }}'
           solverName: ovh
@@ -47,4 +58,10 @@ spec:
         ingress:
           class: traefik
 {% endif %}
+      selector:
+        dnsZones:
+          - "{{ i.domain }}"
 {% endfor %}
+{% else %}
+  selfSigned: {}
+{% endif %}