Update cert-manager to version 1.9.0

2022-07-22 21:57:36 +02:00 · 2022-07-22 21:57:36 +02:00 · 5d75946311
commit 5d75946311
parent a38f0dee43
3 changed files with 127 additions and 127 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,6 +2,6 @@ my_context: local
 ingress_domain: "local"
 cert_manager_namespace: "cert-manager"

-certmanager_version: "1.8.2"
+certmanager_version: "1.9.0"
 certmanager_csi: true
 certmanager_csi_version: "0.3.0"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -6,6 +6,6 @@ galaxy_info:
  galaxy_tags: []
  license: GPL2
  platforms:
-  - name: kubernetes
-    version:
-    - all
+    - name: kubernetes
+      version:
+        - all
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,142 +1,142 @@
 - name: Cert Manager setup
  block:
-  - name: Defined jetstack repository
-    kubernetes.core.helm_repository:
-      name: jetstack
-      repo_url: "https://charts.jetstack.io"
+    - name: Defined jetstack repository
+      kubernetes.core.helm_repository:
+        name: jetstack
+        repo_url: "https://charts.jetstack.io"

-  - name: Deploy latest version of Cert-Manager
-    kubernetes.core.helm:
-      context: "{{ my_context }}"
-      name: cert-manager
-      chart_ref: jetstack/cert-manager
-      chart_version: "{{ certmanager_version }}"
-      create_namespace: yes
-      release_namespace: "{{ cert_manager_namespace }}"
-      values:
-        installCRDs: true
-#        global:
-#          podSecurityPolicy:
-#            enabled: true
-#            useAppArmor: false
-        extraArgs:
-          - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
-
-# https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
-  - name: Install OVH webhook
-    block:
-    - name: Git clone stable repo on HEAD
-      ansible.builtin.git:
-        repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
-        dest: tmp/cert-manager-webhook-ovh
-
-    - name: Deploy OVH webhook chart from local path
-      run_once: true
+    - name: Deploy latest version of Cert-Manager
      kubernetes.core.helm:
-        state: present
        context: "{{ my_context }}"
-        name: cert-manager-webhook-ovh
-        chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
+        name: cert-manager
+        chart_ref: jetstack/cert-manager
+        chart_version: "{{ certmanager_version }}"
+        create_namespace: true
        release_namespace: "{{ cert_manager_namespace }}"
        values:
-#          groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}'
-          groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}'
-#      with_items:
-#        - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}"
-#      when:
-#        - item.provider == "ovh"
+          installCRDs: true
+#          global:
+#            podSecurityPolicy:
+#              enabled: true
+#              useAppArmor: false
+          extraArgs:
+            - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53

-    - name: OVH WebHook dependency
-      kubernetes.core.k8s:
-        state: present
-        context: "{{ my_context }}"
-        apply: true
-        namespace: "{{ cert_manager_namespace }}"
-        resource_definition: "{{ lookup('template', item) | from_yaml }}"
-      with_items:
-        - cert-manager-webhook-ovh-Role.yml.j2
-        - cert-manager-webhook-ovh-RoleBinding.yml.j2
+# https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
+    - name: Install OVH webhook
+      block:
+        - name: Git clone stable repo on HEAD
+          ansible.builtin.git:
+            repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
+            dest: tmp/cert-manager-webhook-ovh

-    when:
-      - false
-      - cert_manager_issuer is defined
-      - cert_manager_issuer.[].provider == "ovh"
+        - name: Deploy OVH webhook chart from local path
+          run_once: true
+          kubernetes.core.helm:
+            state: present
+            context: "{{ my_context }}"
+            name: cert-manager-webhook-ovh
+            chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
+            release_namespace: "{{ cert_manager_namespace }}"
+            values:
+#              groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}'
+              groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}'
+#          with_items:
+#            - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}"
+#          when:
+#            - item.provider == "ovh"
+
+        - name: OVH WebHook dependency
+          kubernetes.core.k8s:
+            state: present
+            context: "{{ my_context }}"
+            apply: true
+            namespace: "{{ cert_manager_namespace }}"
+            resource_definition: "{{ lookup('template', item) | from_yaml }}"
+          with_items:
+            - cert-manager-webhook-ovh-Role.yml.j2
+            - cert-manager-webhook-ovh-RoleBinding.yml.j2
+
+      when:
+        - false
+        - cert_manager_issuer is defined
+        - cert_manager_issuer.[].provider == "ovh"

 # https://smallstep.com/
 # https://github.com/smallstep/step-issuer
-  - name: Install Step webhook
-    block:
-#    - name: SmallStep PVC
-#      kubernetes.core.k8s:
-#        state: present
-#        context: "{{ my_context }}"
-#        namespace: "cert-manager"
-#        resource_definition: "{{ lookup('template', 'smallstep-pvc.yml.j2') | from_yaml }}"
-    - name: Defined smallstep repository
-      kubernetes.core.helm_repository:
-        name: smallstep
-        repo_url: "https://smallstep.github.io/helm-charts/"
-    # https://github.com/smallstep/step-issuer
-    - name: Deploy step-certificates chart
-      kubernetes.core.helm:
-        state: present
-        name: step-certificates
-        context: "{{ my_context }}"
-        chart_ref: smallstep/step-certificates
-        release_namespace: "{{ cert_manager_namespace }}"
-#        values:
-#          ca:
-#            provisioner:
-#              name: "admin"
-#            db:
-#              existingClaim: smallstep
-    # https://github.com/smallstep/helm-charts/tree/master/step-issuer
-    - name: Deploy step-certificates chart
-      kubernetes.core.helm:
-        state: present
-        name: step-issuer
-        context: "{{ my_context }}"
-        chart_ref: smallstep/step-issuer
-        release_namespace: "{{ cert_manager_namespace }}"
-    when:
-      - false
-      - cert_manager_issuer is defined
-      - cert_manager_issuer.[].provider == "step"
-
-  - name: Add ClusterIssuers
-    block:
-    - name: Create Secret object for API Key authentification
-      kubernetes.core.k8s:
-        state: present
-        context: "{{ my_context }}"
-        apply: true
-        namespace: "{{ cert_manager_namespace }}"
-        resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml_all }}"
-      with_items:
-        - "{{ cert_manager_issuer }}"
-        #- "{{ cert_manager_issuer | json_query(\"solvers.[?solver=="dns01"]\") }}"
+    - name: Install Step webhook
+      block:
+#        - name: SmallStep PVC
+#          kubernetes.core.k8s:
+#            state: present
+#            context: "{{ my_context }}"
+#            namespace: "cert-manager"
+#            resource_definition: "{{ lookup('template', 'smallstep-pvc.yml.j2') | from_yaml }}"
+        - name: Defined smallstep repository
+          kubernetes.core.helm_repository:
+            name: smallstep
+            repo_url: "https://smallstep.github.io/helm-charts/"
+        # https://github.com/smallstep/step-issuer
+        - name: Deploy step-certificates chart
+          kubernetes.core.helm:
+            state: present
+            name: step-certificates
+            context: "{{ my_context }}"
+            chart_ref: smallstep/step-certificates
+            release_namespace: "{{ cert_manager_namespace }}"
+#            values:
+#              ca:
+#                provisioner:
+#                  name: "admin"
+#                db:
+#                  existingClaim: smallstep
+        # https://github.com/smallstep/helm-charts/tree/master/step-issuer
+        - name: Deploy step-certificates chart
+          kubernetes.core.helm:
+            state: present
+            name: step-issuer
+            context: "{{ my_context }}"
+            chart_ref: smallstep/step-issuer
+            release_namespace: "{{ cert_manager_namespace }}"
      when:
-        - item.acme_provider is defined
-        - item.solvers is defined
-        #- item.solvers.[].solver == "dns01"
-        #- item.solvers.[].dns_provider is defined
+        - false
+        - cert_manager_issuer is defined
+        - cert_manager_issuer.[].provider == "step"
+
+    - name: Add ClusterIssuers
+      block:
+        - name: Create Secret object for API Key authentification
+          kubernetes.core.k8s:
+            state: present
+            context: "{{ my_context }}"
+            apply: true
+            namespace: "{{ cert_manager_namespace }}"
+            resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml_all }}"
+          with_items:
+            - "{{ cert_manager_issuer }}"
+            # - "{{ cert_manager_issuer | json_query(\"solvers.[?solver=="dns01"]\") }}"
+          when:
+            - item.acme_provider is defined
+            - item.solvers is defined
+            # - item.solvers.[].solver == "dns01"
+            # - item.solvers.[].dns_provider is defined

 # Tempo ici

-    - name: Defined ClusterIssuers
-      kubernetes.core.k8s:
-        state: present
-        context: "{{ my_context }}"
-        apply: true
-        namespace: "{{ cert_manager_namespace }}"
-        resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
-#      debug:
-#        msg: "{{ lookup('template', item) | from_yaml }}"
-      with_items:
-        - "{{ cert_manager_issuer }}"
+        - name: Defined ClusterIssuers
+          kubernetes.core.k8s:
+            state: present
+            context: "{{ my_context }}"
+            apply: true
+            namespace: "{{ cert_manager_namespace }}"
+            resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
+  #        debug:
+  #          msg: "{{ lookup('template', item) | from_yaml }}"
+          with_items:
+            - "{{ cert_manager_issuer }}"

-    when:
-      - cert_manager_issuer is defined
+      when:
+        - cert_manager_issuer is defined

  tags: cert-manager

@ -148,7 +148,7 @@
    name: cert-manager-csi-driver
    chart_ref: jetstack/cert-manager-csi-driver
    chart_version: "{{ certmanager_csi_version }}"
-    create_namespace: yes
+    create_namespace: true
    release_namespace: "{{ cert_manager_namespace }}"
  when:
    - certmanager_csi|bool