Fix bad indentation in cert-manager when trusted internal ca is defined

[infra-monkey]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind bug

What this PR does / why we need it:
Deployment of cert-manager fails if a trusted internal ca is defined
Failure:
TASK [kubernetes-apps/ingress_controller/cert_manager : Cert Manager | Apply manifests] ***********************************************************************************
failed: [k8s-control01] (item={'diff': [], 'dest': '/etc/kubernetes/addons/cert_manager/cert-manager.yml', 'src': '/home/admin.monkey/.ansible/tmp/ansible-tmp-1639729826.653066-112952-113797090066415/source', 'md5sum': '8830e968c0f516e62cb48b21384fe629', 'checksum': '1bfb4613a52d53e763d68597bc4ebb8e23193a4f', 'changed': True, 'uid': 0, 'gid': 0, 'owner': 'root', 'group': 'root', 'mode': '0644', 'state': 'file', 'size': 37737, 'invocation': {'module_args': {'src': '/home/admin.monkey/.ansible/tmp/ansible-tmp-1639729826.653066-112952-113797090066415/source', 'dest': '/etc/kubernetes/addons/cert_manager/cert-manager.yml', 'mode': None, 'follow': False, '_original_basename': 'cert-manager.yml.j2', 'checksum': '1bfb4613a52d53e763d68597bc4ebb8e23193a4f', 'backup': False, 'force': True, 'unsafe_writes': False, 'content': None, 'validate': None, 'directory_mode': None, 'remote_src': None, 'local_follow': None, 'owner': None, 'group': None, 'seuser': None, 'serole': None, 'selevel': None, 'setype': None, 'attributes': None}}, 'failed': False, 'item': {'name': 'cert-manager', 'file': 'cert-manager.yml', 'type': 'all'}, 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "1bfb4613a52d53e763d68597bc4ebb8e23193a4f", "dest": "/etc/kubernetes/addons/cert_manager/cert-manager.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "cert-manager.yml.j2", "attributes": null, "backup": false, "checksum": "1bfb4613a52d53e763d68597bc4ebb8e23193a4f", "content": null, "dest": "/etc/kubernetes/addons/cert_manager/cert-manager.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/admin.monkey/.ansible/tmp/ansible-tmp-1639729826.653066-112952-113797090066415/source", "unsafe_writes": false, "validate": null}}, "item": {"file": "cert-manager.yml", "name": "cert-manager", "type": "all"}, "md5sum": "8830e968c0f516e62cb48b21384fe629", "mode": "0644", "owner": "root", "size": 37737, "src": "/home/admin.monkey/.ansible/tmp/ansible-tmp-1639729826.653066-112952-113797090066415/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/usr/local/bin/kubectl apply --force --filename=/etc/kubernetes/addons/cert_manager/cert-manager.yml) command (rc=1), out='namespace/cert-manager created\nserviceaccount/cert-manager-cainjector created\nserviceaccount/cert-manager created\nserviceaccount/cert-manager-webhook created\nclusterrole.rbac.authorization.k8s.io/cert-manager-cainjector unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-view unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-edit unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests unchanged\nclusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests unchanged\nclusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews configured\nrole.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created\nrole.rbac.authorization.k8s.io/cert-manager:leaderelection created\nrole.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created\nrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created\nrolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created\nrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created\nservice/cert-manager created\nservice/cert-manager-webhook created\ndeployment.apps/cert-manager-cainjector created\nconfigmap/ca-internal-truststore created\n', err='error: error parsing /etc/kubernetes/addons/cert_manager/cert-manager.yml: error converting YAML to JSON: yaml: line 57: did not find expected '-' indicator\n'"}

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:
I noticed this bug when deploying from the dev branch.
I made the original change for that feature

Does this PR introduce a user-facing change?:

Fix bad indentation in cert-manager when trusted internal ca is defined

[linux-foundation-easycla]

The committers are authorized under a signed CLA.

• ✅ Antoine Gatineau (10f3f5e)

[k8s-ci-robot]

Hi @infra-monkey. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cristicalin]

Hi @infra-monkey , could you make sure to fix your CLA signature ? https://api.easycla.lfx.linuxfoundation.org/v2/repository-provider/github/sign/20677499/43613404/8314/#/?version=2

/ok-to-test

[infra-monkey]

Hi @infra-monkey , could you make sure to fix your CLA signature ? https://api.easycla.lfx.linuxfoundation.org/v2/repository-provider/github/sign/20677499/43613404/8314/#/?version=2

/ok-to-test

Done

[floryut]

@infra-monkey Thanks 👍

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: floryut, infra-monkey

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [floryut]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cristicalin]

Thanks @infra-monkey !

/lgtm