diff --git a/ca-clusterissuer/Chart.yaml b/ca-clusterissuer/Chart.yaml
new file mode 100644
index 000000000..ee59e38d8
--- /dev/null
+++ b/ca-clusterissuer/Chart.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+appVersion: "1.0"
+description: Certificate Issuer chart for OSH
+home: https://cert-manager.io/
+name: ca-clusterissuer
+version: 0.1.0
+...
diff --git a/ca-clusterissuer/requirements.yaml b/ca-clusterissuer/requirements.yaml
new file mode 100644
index 000000000..19b0d6992
--- /dev/null
+++ b/ca-clusterissuer/requirements.yaml
@@ -0,0 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: ">= 0.1.0"
+...
diff --git a/ca-clusterissuer/templates/clusterissuer-ca.yaml b/ca-clusterissuer/templates/clusterissuer-ca.yaml
new file mode 100644
index 000000000..1f67d7b4a
--- /dev/null
+++ b/ca-clusterissuer/templates/clusterissuer-ca.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.clusterissuer }}
+{{- $envAll := . }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: {{ .Values.conf.ca.issuer.name }}
+  labels:
+{{ tuple $envAll "cert-manager" "clusterissuer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  ca:
+    secretName: {{ .Values.conf.ca.secret.name }}
+...
+{{- end }}
diff --git a/ca-clusterissuer/templates/secret-ca.yaml b/ca-clusterissuer/templates/secret-ca.yaml
new file mode 100644
index 000000000..8c4472514
--- /dev/null
+++ b/ca-clusterissuer/templates/secret-ca.yaml
@@ -0,0 +1,26 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ca }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.conf.ca.secret.name }}
+  namespace: {{ .Values.conf.ca.secret.namespace }}
+data:
+  tls.crt: {{ .Values.conf.ca.secret.crt | default "" | b64enc }}
+  tls.key: {{ .Values.conf.ca.secret.key | default "" | b64enc }}
+...
+{{- end }}
diff --git a/ca-clusterissuer/values.yaml b/ca-clusterissuer/values.yaml
new file mode 100644
index 000000000..eefe92bba
--- /dev/null
+++ b/ca-clusterissuer/values.yaml
@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+conf:
+  ca:
+    issuer:
+      name: ca-issuer
+    secret:
+      name: secret-name
+      # Namespace where cert-manager is deployed.
+      namespace: cert-manager
+      crt: null
+      key: null
+
+manifests:
+  clusterissuer: true
+  secret_ca: true
+...
diff --git a/ca-issuer/Chart.yaml b/ca-issuer/Chart.yaml
index b4eff6650..b5543746a 100644
--- a/ca-issuer/Chart.yaml
+++ b/ca-issuer/Chart.yaml
@@ -16,5 +16,5 @@ appVersion: "1.0"
 description: Certificate Issuer chart for OSH
 home: https://cert-manager.io/
 name: ca-issuer
-version: 0.1.1
+version: 0.1.2
 ...
diff --git a/ca-issuer/templates/issuer-ca.yaml b/ca-issuer/templates/issuer-ca.yaml
index 01af5f337..a93713554 100644
--- a/ca-issuer/templates/issuer-ca.yaml
+++ b/ca-issuer/templates/issuer-ca.yaml
@@ -15,7 +15,7 @@ limitations under the License.
 {{- if .Values.manifests.issuer }}
 {{- $envAll := . }}
 ---
-apiVersion: cert-manager.io/v1alpha3
+apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: {{ .Values.conf.ca.issuer.name }}
diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml
index ffb8cf39e..7ece3309f 100644
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:
diff --git a/helm-toolkit/templates/manifests/_certificates.tpl b/helm-toolkit/templates/manifests/_certificates.tpl
index 3b6ab2b18..68fe583f2 100644
--- a/helm-toolkit/templates/manifests/_certificates.tpl
+++ b/helm-toolkit/templates/manifests/_certificates.tpl
@@ -43,7 +43,7 @@ examples:
       {{ $opts | include "helm-toolkit.manifests.certificates" }}
     return: |
       ---
-      apiVersion: cert-manager.io/v1alpha3
+      apiVersion: cert-manager.io/v1
       kind: Certificate
       metadata:
         name: keystone-tls-api
@@ -94,7 +94,7 @@ examples:
 {{- $_ := (list "server auth" "client auth") | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "usages" -}}
 {{- end -}}
 ---
-apiVersion: cert-manager.io/v1alpha3
+apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "secretName" }}
diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl
index e2426d3e4..7588c7938 100644
--- a/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/helm-toolkit/templates/manifests/_ingress.tpl
@@ -554,9 +554,9 @@ examples:
 {{- $backendPort := index . "backendPort" -}}
 {{- $endpoint := index . "endpoint" | default "public" -}}
 {{- $certIssuer := index . "certIssuer" | default "" -}}
-{{- $certIssuerType := index . "certIssuerType" | default "issuer" -}}
+{{- $certIssuerType := index . "certIssuerType" | default "cluster-issuer" -}}
 {{- if and (ne $certIssuerType "issuer") (ne $certIssuerType "cluster-issuer") }}
-{{- $certIssuerType = "issuer" -}}
+{{- $certIssuerType = "cluster-issuer" -}}
 {{- end }}
 {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml
index cf9f6da76..c9f563784 100644
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v10.2.31
 description: OpenStack-Helm MariaDB
 name: mariadb
-version: 0.1.5
+version: 0.1.6
 home: https://mariadb.com/kb/en/
 icon: http://badges.mariadb.org/mariadb-badge-180x60.png
 sources:
diff --git a/mariadb/values_overrides/tls.yaml b/mariadb/values_overrides/tls.yaml
index f89d5e94b..b8da60f89 100644
--- a/mariadb/values_overrides/tls.yaml
+++ b/mariadb/values_overrides/tls.yaml
@@ -17,7 +17,7 @@ endpoints:
           secretName: mariadb-tls-direct
           issuerRef:
             name: ca-issuer
-            kind: Issuer
+            kind: ClusterIssuer
 manifests:
   certificates: true
 ...