Update cert-manager to version 1.9.0
Some checks failed
continuous-integration/drone/push Build is failing

Adrien Reslinger 2022-07-22 21:57:36 +02:00
parent a38f0dee43
commit 5d75946311
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
3 changed files with 127 additions and 127 deletions


@ -2,6 +2,6 @@ my_context: local
ingress_domain: "local" ingress_domain: "local"
cert_manager_namespace: "cert-manager" cert_manager_namespace: "cert-manager"
certmanager_version: "1.8.2" certmanager_version: "1.9.0"
certmanager_csi: true certmanager_csi: true
certmanager_csi_version: "0.3.0" certmanager_csi_version: "0.3.0"


@ -6,6 +6,6 @@ galaxy_info:
galaxy_tags: [] galaxy_tags: []
license: GPL2 license: GPL2
platforms: platforms:
- name: kubernetes - name: kubernetes
version: version:
- all - all


@ -1,142 +1,142 @@
- name: Cert Manager setup - name: Cert Manager setup
block: block:
- name: Defined jetstack repository - name: Defined jetstack repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: jetstack name: jetstack
repo_url: "https://charts.jetstack.io" repo_url: "https://charts.jetstack.io"
- name: Deploy latest version of Cert-Manager - name: Deploy latest version of Cert-Manager
kubernetes.core.helm:
context: "{{ my_context }}"
name: cert-manager
chart_ref: jetstack/cert-manager
chart_version: "{{ certmanager_version }}"
create_namespace: yes
release_namespace: "{{ cert_manager_namespace }}"
values:
installCRDs: true
# global:
# podSecurityPolicy:
# enabled: true
# useAppArmor: false
extraArgs:
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
# https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
- name: Install OVH webhook
block:
- name: Git clone stable repo on HEAD
ansible.builtin.git:
repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
dest: tmp/cert-manager-webhook-ovh
- name: Deploy OVH webhook chart from local path
run_once: true
kubernetes.core.helm: kubernetes.core.helm:
state: present
context: "{{ my_context }}" context: "{{ my_context }}"
name: cert-manager-webhook-ovh name: cert-manager
chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh chart_ref: jetstack/cert-manager
chart_version: "{{ certmanager_version }}"
create_namespace: true
release_namespace: "{{ cert_manager_namespace }}" release_namespace: "{{ cert_manager_namespace }}"
values: values:
# groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}' installCRDs: true
groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}' # global:
# with_items: # podSecurityPolicy:
# - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}" # enabled: true
# when: # useAppArmor: false
# - item.provider == "ovh" extraArgs:
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
- name: OVH WebHook dependency # https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
kubernetes.core.k8s: - name: Install OVH webhook
state: present block:
context: "{{ my_context }}" - name: Git clone stable repo on HEAD
apply: true ansible.builtin.git:
namespace: "{{ cert_manager_namespace }}" repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
resource_definition: "{{ lookup('template', item) | from_yaml }}" dest: tmp/cert-manager-webhook-ovh
with_items:
- cert-manager-webhook-ovh-Role.yml.j2
- cert-manager-webhook-ovh-RoleBinding.yml.j2
when: - name: Deploy OVH webhook chart from local path
- false run_once: true
- cert_manager_issuer is defined kubernetes.core.helm:
- cert_manager_issuer.[].provider == "ovh" state: present
context: "{{ my_context }}"
name: cert-manager-webhook-ovh
chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
release_namespace: "{{ cert_manager_namespace }}"
values:
# groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}'
groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}'
# with_items:
# - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}"
# when:
# - item.provider == "ovh"
- name: OVH WebHook dependency
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ cert_manager_namespace }}"
resource_definition: "{{ lookup('template', item) | from_yaml }}"
with_items:
- cert-manager-webhook-ovh-Role.yml.j2
- cert-manager-webhook-ovh-RoleBinding.yml.j2
when:
- false
- cert_manager_issuer is defined
- cert_manager_issuer.[].provider == "ovh"
# https://smallstep.com/ # https://smallstep.com/
# https://github.com/smallstep/step-issuer # https://github.com/smallstep/step-issuer
- name: Install Step webhook - name: Install Step webhook
block: block:
# - name: SmallStep PVC # - name: SmallStep PVC
# kubernetes.core.k8s: # kubernetes.core.k8s:
# state: present # state: present
# context: "{{ my_context }}" # context: "{{ my_context }}"
# namespace: "cert-manager" # namespace: "cert-manager"
# resource_definition: "{{ lookup('template', 'smallstep-pvc.yml.j2') | from_yaml }}" # resource_definition: "{{ lookup('template', 'smallstep-pvc.yml.j2') | from_yaml }}"
- name: Defined smallstep repository - name: Defined smallstep repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: smallstep name: smallstep
repo_url: "https://smallstep.github.io/helm-charts/" repo_url: "https://smallstep.github.io/helm-charts/"
# https://github.com/smallstep/step-issuer # https://github.com/smallstep/step-issuer
- name: Deploy step-certificates chart - name: Deploy step-certificates chart
kubernetes.core.helm: kubernetes.core.helm:
state: present state: present
name: step-certificates name: step-certificates
context: "{{ my_context }}" context: "{{ my_context }}"
chart_ref: smallstep/step-certificates chart_ref: smallstep/step-certificates
release_namespace: "{{ cert_manager_namespace }}" release_namespace: "{{ cert_manager_namespace }}"
# values: # values:
# ca: # ca:
# provisioner: # provisioner:
# name: "admin" # name: "admin"
# db: # db:
# existingClaim: smallstep # existingClaim: smallstep
# https://github.com/smallstep/helm-charts/tree/master/step-issuer # https://github.com/smallstep/helm-charts/tree/master/step-issuer
- name: Deploy step-certificates chart - name: Deploy step-certificates chart
kubernetes.core.helm: kubernetes.core.helm:
state: present state: present
name: step-issuer name: step-issuer
context: "{{ my_context }}" context: "{{ my_context }}"
chart_ref: smallstep/step-issuer chart_ref: smallstep/step-issuer
release_namespace: "{{ cert_manager_namespace }}" release_namespace: "{{ cert_manager_namespace }}"
when:
- false
- cert_manager_issuer is defined
- cert_manager_issuer.[].provider == "step"
- name: Add ClusterIssuers
block:
- name: Create Secret object for API Key authentification
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ cert_manager_namespace }}"
resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml_all }}"
with_items:
- "{{ cert_manager_issuer }}"
#- "{{ cert_manager_issuer | json_query(\"solvers.[?solver=="dns01"]\") }}"
when: when:
- item.acme_provider is defined - false
- item.solvers is defined - cert_manager_issuer is defined
#- item.solvers.[].solver == "dns01" - cert_manager_issuer.[].provider == "step"
#- item.solvers.[].dns_provider is defined
- name: Add ClusterIssuers
block:
- name: Create Secret object for API Key authentification
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ cert_manager_namespace }}"
resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml_all }}"
with_items:
- "{{ cert_manager_issuer }}"
# - "{{ cert_manager_issuer | json_query(\"solvers.[?solver=="dns01"]\") }}"
when:
- item.acme_provider is defined
- item.solvers is defined
# - item.solvers.[].solver == "dns01"
# - item.solvers.[].dns_provider is defined
# Tempo ici # Tempo ici
- name: Defined ClusterIssuers - name: Defined ClusterIssuers
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
apply: true apply: true
namespace: "{{ cert_manager_namespace }}" namespace: "{{ cert_manager_namespace }}"
resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}" resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
# debug: # debug:
# msg: "{{ lookup('template', item) | from_yaml }}" # msg: "{{ lookup('template', item) | from_yaml }}"
with_items: with_items:
- "{{ cert_manager_issuer }}" - "{{ cert_manager_issuer }}"
when: when:
- cert_manager_issuer is defined - cert_manager_issuer is defined
tags: cert-manager tags: cert-manager
@ -148,7 +148,7 @@
name: cert-manager-csi-driver name: cert-manager-csi-driver
chart_ref: jetstack/cert-manager-csi-driver chart_ref: jetstack/cert-manager-csi-driver
chart_version: "{{ certmanager_csi_version }}" chart_version: "{{ certmanager_csi_version }}"
create_namespace: yes create_namespace: true
release_namespace: "{{ cert_manager_namespace }}" release_namespace: "{{ cert_manager_namespace }}"
when: when:
- certmanager_csi|bool - certmanager_csi|bool
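Review bot: The `Git clone stable repo on HEAD` task fetches `https://github.com/baarde/cert-manager-webhook-ovh.git` with no `version:`, so the chart later deployed from `tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh` into the cert-manager namespace is whatever the upstream default branch holds at run time. cert-manager itself is pinned through `chart_version: "{{ certmanager_version }}"`, and the webhook deserves the same treatment, for example `version: "<reviewed-commit-sha>"` on the git task (a placeholder for the commit you have actually audited). The `smallstep/step-certificates` and `smallstep/step-issuer` releases likewise carry no `chart_version`. Both blocks look disabled by the `- false` entry in their `when:` lists, so the exposure would only appear once they are re-enabled; indentation is lost in this rendering, so the scope of those `when:` lists is inferred.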