Update role

2022-04-10 14:36:22 +02:00 · 2022-04-10 14:36:22 +02:00 · 444ed560eb
commit 444ed560eb
parent fc1c3da9bc
4 changed files with 74 additions and 60 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -15,55 +15,13 @@
      release_namespace: "{{ cert_manager_namespace }}"
      values:
        installCRDs: true
-        global:
-          podSecurityPolicy:
-            enabled: true
-            useAppArmor: false
+#        global:
+#          podSecurityPolicy:
+#            enabled: true
+#            useAppArmor: false
        extraArgs:
          - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53

-  - name: Create Secret object for API Key authentification
-    kubernetes.core.k8s:
-      state: present
-      context: "{{ my_context }}"
-      apply: true
-      namespace: "{{ cert_manager_namespace }}"
-      resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
-    when:
-      - cert_manager_issuer is defined
-    with_items:
-      - "{{ cert_manager_issuer }}"
-
-# Tempo ici
-
-  - name: Define SelfSigned ClusterIssuer
-    kubernetes.core.k8s:
-      state: present
-      context: "{{ my_context }}"
-#      namespace: "cert-manager"
-      definition:
-        apiVersion: cert-manager.io/v1
-        kind: ClusterIssuer
-        metadata:
-          name: selfsigned
-        spec:
-          selfSigned: {}
-
-  - name: Defined ClusterIssuers
-    kubernetes.core.k8s:
-      state: present
-      context: "{{ my_context }}"
-      apply: true
-      namespace: "{{ cert_manager_namespace }}"
-      resource_definition: "{{ lookup('template', item) | from_yaml }}"
-#    debug:
-#      msg: "{{ lookup('template', item) | from_yaml }}"
-    with_items:
-      - clusterissuer.yml.j2
-    when:
-#      - false
-      - cert_manager_issuer is defined
-
 # https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
  - name: Install OVH webhook
    block:
@ -145,6 +103,45 @@
      - cert_manager_issuer is defined
      - cert_manager_issuer.[].provider == "step"

+  - name: Add ClusterIssuers
+    block:
+    - name: Create Secret object for API Key authentification
+      kubernetes.core.k8s:
+        state: present
+        context: "{{ my_context }}"
+        apply: true
+        namespace: "{{ cert_manager_namespace }}"
+        resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
+
+# Tempo ici
+
+#    - name: Define SelfSigned ClusterIssuer
+#      kubernetes.core.k8s:
+#        state: present
+#        context: "{{ my_context }}"
+##        namespace: "{{ cert_manager_namespace }}"
+#        definition:
+#          apiVersion: cert-manager.io/v1
+#          kind: ClusterIssuer
+#          metadata:
+#            name: selfsigned
+#          spec:
+#            selfSigned: {}
+
+    - name: Defined ClusterIssuers
+      kubernetes.core.k8s:
+        state: present
+        context: "{{ my_context }}"
+        apply: true
+        namespace: "{{ cert_manager_namespace }}"
+        resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
+#      debug:
+#        msg: "{{ lookup('template', item) | from_yaml }}"
+
+    with_items:
+      - "{{ cert_manager_issuer }}"
+    when:
+      - cert_manager_issuer is defined

  tags: cert-manager

@ -157,7 +154,7 @@
    chart_ref: jetstack/cert-manager-csi-driver
    chart_version: "{{ certmanager_csi_version }}"
    create_namespace: yes
-    release_namespace: "cert-manager"
+    release_namespace: "{{ cert_manager_namespace }}"
  when:
    - certmanager_csi|bool
  tags: