diff --git a/bin/update_csi.sh b/bin/update_csi.sh
deleted file mode 100755
index a6a2e5e..0000000
--- a/bin/update_csi.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-wget https://github.com/jetstack/cert-manager-csi/raw/master/deploy/cert-manager-csi-driver.yaml
-
-kubernetes-split-yaml cert-manager-csi-driver.yaml > generated.log
-if [ -d files/csi ]; then
- rm -fr files/csi
-fi
-mv generated files/csi
-echo -e "---\ncertmanager_csi_list:" > vars/files_list_csi.yml
-cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "csi/\2"|' >> vars/files_list_csi.yml
-
-rm -f generated.log cert-manager-csi-driver.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index 00a8306..7635cd4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,4 +3,4 @@
 ingress_domain: "local"
 cert_manager_namespace: "cert-manager"
 certmanager_csi: true
-certmanager_version: "1.1"
+certmanager_version: "1.2"
diff --git a/files/csi/cert-manager-csi-ClusterRole.yaml b/files/csi/cert-manager-csi-ClusterRole.yaml
deleted file mode 100644
index 259e4a3..0000000
--- a/files/csi/cert-manager-csi-ClusterRole.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cert-manager-csi
-rules:
-- apiGroups: ["cert-manager.io"]
- resources: ["certificaterequests"]
- verbs: ["get", "create", "delete", "update"]
diff --git a/files/csi/cert-manager-csi-ClusterRoleBinding.yaml b/files/csi/cert-manager-csi-ClusterRoleBinding.yaml
deleted file mode 100644
index 99e1aee..0000000
--- a/files/csi/cert-manager-csi-ClusterRoleBinding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cert-manager-csi
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cert-manager-csi
-subjects:
-- apiGroup:
- kind: ServiceAccount
- name: cert-manager-csi
- namespace: cert-manager
diff --git a/files/csi/cert-manager-csi-DaemonSet.yaml b/files/csi/cert-manager-csi-DaemonSet.yaml
deleted file mode 100644
index 4c8e7a7..0000000
--- a/files/csi/cert-manager-csi-DaemonSet.yaml
+++ /dev/null
@@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: cert-manager-csi - namespace: cert-manager -spec: - selector: - matchLabels: - app: cert-manager-csi - template: - metadata: - labels: - app: cert-manager-csi - spec: - serviceAccount: cert-manager-csi - containers: - - - name: node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/cert-manager-csi /registration/cert-manager-csi-reg.sock"] - args: - - --v=5 - - --csi-address=/plugin/csi.sock - - --kubelet-registration-path=/var/lib/kubelet/plugins/cert-manager-csi/csi.sock - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: registration-dir - mountPath: /registration - - - name: cert-manager-csi - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - image: gcr.io/jetstack-josh/cert-manager-csi:v0.1.0-alpha.1 - imagePullPolicy: "IfNotPresent" - args : - - --node-id=$(NODE_ID) - - --endpoint=$(CSI_ENDPOINT) - - --data-root=/csi-data-dir - env: - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CSI_ENDPOINT - value: unix://plugin/csi.sock - volumeMounts: - - name: plugin-dir - mountPath: /plugin - - name: pods-mount-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: "Bidirectional" - - name: csi-data-dir - mountPath: /csi-data-dir - volumes: - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/cert-manager-csi - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet/pods - type: Directory - - hostPath: - path: /var/lib/kubelet/plugins_registry - type: Directory - name: registration-dir - - hostPath: - path: /tmp/cert-manager-csi - type: DirectoryOrCreate - name: csi-data-dir 
diff --git a/files/csi/cert-manager-csi-ServiceAccount.yaml b/files/csi/cert-manager-csi-ServiceAccount.yaml
deleted file mode 100644
index 7dc00de..0000000
--- a/files/csi/cert-manager-csi-ServiceAccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cert-manager-csi
- namespace: cert-manager
diff --git a/files/csi/csi.cert-manager.io-CSIDriver.yaml b/files/csi/csi.cert-manager.io-CSIDriver.yaml
deleted file mode 100644
index ab74642..0000000
--- a/files/csi/csi.cert-manager.io-CSIDriver.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: storage.k8s.io/v1beta1
-kind: CSIDriver
-metadata:
- name: csi.cert-manager.io
-spec:
- podInfoOnMount: true
- volumeLifecycleModes:
- - Ephemeral
diff --git a/tasks/csi.yml b/tasks/csi.yml
index a4725c2..7c59f76 100644
--- a/tasks/csi.yml
+++ b/tasks/csi.yml
@@ -1,9 +1,6 @@
 ---
 - name: CSI Cert Manager Setup
 block:
- - name: Include vars for CSI
- include_vars: "files_list_csi.yml"
-
 - name: Define state to present
 set_fact:
 certmanager_csi_state: "present"
@@ -20,10 +17,10 @@
 k8s:
 state: "{{ certmanager_csi_state }}"
 context: "{{ my_context }}"
- merge_type: merge
- resource_definition: "{{ lookup('file', item) | from_yaml }}"
+ apply: true
+ definition: "{{ item }}"
 with_items:
- - '{{ certmanager_csi_list }}'
+ - "{{ lookup('url', certmanager_csi_driver_url, split_lines=False) | from_yaml_all | list }}"
 tags:
 - cert-manager
 - storage
diff --git a/tasks/main.yml b/tasks/main.yml
index 094c034..a8b3f55 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -33,6 +33,8 @@
 with_items:
 - "{{ cert_manager_issuer }}"
+# Tempo ici
+
 
 - name: Defined ClusterIssuers
 k8s:
 state: present
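Review bot: The new `with_items` entry fetches the CSI driver manifest from an unpinned `master` URL on every run and hands every document in it to `k8s`, so what reaches the cluster is whatever upstream currently publishes — and the deleted files/csi/* show that content is a privileged DaemonSet with hostPath mounts plus cluster-wide RBAC, which until now was vendored and reviewable in the repo. Pin the URL to a release tag or commit (`certmanager_csi_driver_url` lives in vars/main.yml: `certmanager_csi_driver_url: "https://github.com/jetstack/cert-manager-csi/raw/<PINNED_TAG_OR_SHA>/deploy/cert-manager-csi-driver.yaml"`) and consider checking the fetched document against a known digest before applying it. If the upstream file ever contains an empty document (for example a trailing `---`), `from_yaml_all` yields a `None` item that the module cannot apply; `| from_yaml_all | select | list` drops it. The enclosing task starts outside the hunk.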
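Review bot: `# Tempo ici` is a leftover scratch marker (French for "temporary here") plus an added blank line; it tells the next reader nothing about what is temporary or why. Either drop the two added lines or make the comment actionable, e.g. `# TODO: <what is temporary and until when>`. The surrounding task list continues outside the hunk.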
@@ -65,8 +67,8 @@
 chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
 release_namespace: "{{ cert_manager_namespace }}"
 values:
-# groupName: '{{ cert_manager_issuer | selectattr('provider', 'match', 'ovh') | first }}'
- groupName: '{{ cert_manager_issuer | json_query(\"[?provider=='ovh']\") | first }}'
+# groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}'
+ groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}'
 # with_items:
 # - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}"
 # when:
diff --git a/templates/api-key-secret.yml.j2 b/templates/api-key-secret.yml.j2
index 421aabd..87799b2 100644
--- a/templates/api-key-secret.yml.j2
+++ b/templates/api-key-secret.yml.j2
@@ -10,5 +10,5 @@ data:
 {% elif item.provider == "route53" %}
 secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}"
 {% elif item.provider == "ovh" %}
- applicationSecret='{{ cert_manager_issuer.applicationSecret | b64encode }}'
+ applicationSecret: "{{ item.applicationSecret | b64encode }}"
 {% endif %}
diff --git a/vars/files_list_csi.yml b/vars/files_list_csi.yml
deleted file mode 100644
index 8c9acb8..0000000
--- a/vars/files_list_csi.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-certmanager_csi_list:
- - "csi/csi.cert-manager.io-CSIDriver.yaml"
- - "csi/cert-manager-csi-ServiceAccount.yaml"
- - "csi/cert-manager-csi-ClusterRole.yaml"
- - "csi/cert-manager-csi-ClusterRoleBinding.yaml"
- - "csi/cert-manager-csi-DaemonSet.yaml"
diff --git a/vars/main.yml b/vars/main.yml
index 99d3d43..e0543f7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,2 @@
 user: "{{ ansible_user_id }}"
-certmanager_upgrade: false
+certmanager_csi_driver_url: "https://github.com/jetstack/cert-manager-csi/raw/master/deploy/cert-manager-csi-driver.yaml"
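Review bot: Changing the JMESPath literal from `'ovh'` to `"ovh"` changes its meaning: in JMESPath, double quotes delimit a quoted identifier (a field name) and single quotes a raw string literal, so `[?provider=="ovh"]` compares each issuer's `provider` with a field called `ovh` and selects nothing. The real fault on the removed line was YAML quoting — inside a single-quoted scalar the `'` around `ovh` ended the scalar and `\"` stayed two literal characters — so the fix is to double-quote the YAML value and keep the JMESPath single quotes: `groupName: "{{ cert_manager_issuer | json_query(\"[?provider=='ovh']\") | first }}"`. Even then `| first` presumably yields the whole matching issuer mapping rather than a group name, so the intended key probably still needs to be selected — confirm against the chart's values. The enclosing helm task starts outside the hunk.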
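Review bot: The OVH branch now reads the application secret from `item.applicationSecret`, i.e. plaintext in the `cert_manager_issuer` variable, while the route53 branch two lines above pulls its secret from `hashi_vault`; that leaves one provider's API secret living in inventory or vars and in any log of the rendered template. Source it the same way as the sibling branch, e.g. `applicationSecret: "{{ lookup('hashi_vault', 'secret=clusters/ovh:applicationSecret') | b64encode }}"` (vault path illustrative), and make sure the task that renders this template runs with `no_log: true`. The move from `key='...'` to `key: "..."` itself is right — the removed line was not a valid YAML mapping entry. The `{% if %}` chain starts outside the hunk.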
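Review bot: `certmanager_csi_driver_url` is placed in vars/main.yml, and role `vars/` take precedence over inventory, host/group and play vars, so a consumer cannot redirect the role to a mirror or a pinned copy without extra vars; a URL like this belongs in defaults/main.yml next to `certmanager_version`. It also tracks `master` — see the note on tasks/csi.yml about pinning. Dropping `certmanager_upgrade` is only safe if nothing else in the role still references it, which this diff does not show.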