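# This file is kept for reference but no longer used
# Certificate creation is now managed via GitOps through ArgoCD
# See manifests/30-landing/templates/certificate.yaml for the certificate definition
#
# Every line below is intentionally commented out, so this file defines no
# tasks. Keep it that way: a single uncommented key would turn it back into
# live YAML.
#
# ---
# # Create root domain certificate
# # Requests a cert-manager Certificate for the two DNS names below from the
# # letsencrypt-prod ClusterIssuer; the key pair is stored in the Secret
# # container-mom-root-tls in the openshift-ingress namespace.
# - name: Create root domain certificate
#   kubernetes.core.k8s:
#     state: present
#     definition:
#       apiVersion: cert-manager.io/v1
#       kind: Certificate
#       metadata:
#         name: container-mom-root
#         namespace: openshift-ingress
#       spec:
#         dnsNames:
#           - container.mom
#           - www.container.mom
#         duration: 2160h # 90d
#         renewBefore: 720h # 30d
#         issuerRef:
#           name: letsencrypt-prod
#           kind: ClusterIssuer
#         secretName: container-mom-root-tls
#   tags:
#     - cert
#     - root-cert
#
# # Wait for certificate to be ready
# # Polls the Certificate up to 30 times, 10 seconds apart, until its Ready
# # condition reports "True".
# # NOTE(review): the condition indexes resources[0] without first checking that
# # the lookup returned anything - confirm how this behaves if the Certificate
# # is not found.
# - name: Wait for certificate to be ready
#   kubernetes.core.k8s_info:
#     api_version: cert-manager.io/v1
#     kind: Certificate
#     name: container-mom-root
#     namespace: openshift-ingress
#   register: cert_status
#   until: cert_status.resources[0].status.conditions is defined and cert_status.resources[0].status.conditions | selectattr('type', 'equalto', 'Ready') | map(attribute='status') | first == "True"
#   retries: 30
#   delay: 10
#   tags:
#     - cert
#     - root-cert
#
# # Create a ClusterRoleBinding to allow the router to access the certificate secret
# # NOTE(review): the binding below does not match the stated purpose.
# # system:auth-delegator is the built-in ClusterRole for delegated
# # authentication/authorization checks (creating TokenReviews and
# # SubjectAccessReviews); it grants no read access to Secrets. Binding it
# # cluster-wide to the router ServiceAccount adds a privilege the router does
# # not need for TLS. If secret access ever has to be granted explicitly, use a
# # namespaced Role/RoleBinding in openshift-ingress limited to "get" on
# # container-mom-root-tls.
# # NOTE(review): if this task was ever applied, the ClusterRoleBinding
# # router-container-mom-tls may still exist in the cluster. Retiring this file
# # does not remove it; verify and delete it if it is unused.
# - name: Create ClusterRoleBinding for router to access certificate secret
#   kubernetes.core.k8s:
#     state: present
#     definition:
#       apiVersion: rbac.authorization.k8s.io/v1
#       kind: ClusterRoleBinding
#       metadata:
#         name: router-container-mom-tls
#       roleRef:
#         apiGroup: rbac.authorization.k8s.io
#         kind: ClusterRole
#         name: system:auth-delegator
#       subjects:
#         - kind: ServiceAccount
#           name: router
#           namespace: openshift-ingress
#   tags:
#     - cert
#     - root-cert
#
# # Update ArgoCD application
# # Sets an automated sync policy on the landing-page Application.
# # With prune and selfHeal enabled, ArgoCD deletes resources removed from Git
# # and reverts manual changes, so write access to the source repository
# # effectively controls what runs in the target namespace.
# - name: Update ArgoCD application
#   kubernetes.core.k8s:
#     state: present
#     definition:
#       apiVersion: argoproj.io/v1alpha1
#       kind: Application
#       metadata:
#         name: landing-page
#         namespace: argocd
#       spec:
#         syncPolicy:
#           automated:
#             prune: true
#             selfHeal: true
#           syncOptions:
#             - CreateNamespace=true
#   tags:
#     - cert
#     - root-cert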