From 6d78359203763a0ccb0105a8f56b0fdb2a3bc5c7 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Tue, 10 May 2022 00:34:21 +0200
Subject: [PATCH] Serialize ClusterIssuers creation
---
 tasks/main.yml | 22 +++++++---------------
 templates/api-key-secret.yml.j2 | 8 ++++----
 templates/clusterissuer.yml.j2 | 10 ++++++----
 3 files changed, 17 insertions(+), 23 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 436e5d0..0330145 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -112,22 +112,14 @@
 apply: true
 namespace: "{{ cert_manager_namespace }}"
 resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
+ with_items:
+ - "{{ cert_manager_issuer }}"
+ when:
+ - item.acme_provider is defined
+ - item.dns_provider is defined
 # Tempo ici
-# - name: Define SelfSigned ClusterIssuer
-# kubernetes.core.k8s:
-# state: present
-# context: "{{ my_context }}"
-## namespace: "{{ cert_manager_namespace }}"
-# definition:
-# apiVersion: cert-manager.io/v1
-# kind: ClusterIssuer
-# metadata:
-# name: selfsigned
-# spec:
-# selfSigned: {}
-
 - name: Defined ClusterIssuers
 kubernetes.core.k8s:
 state: present
@@ -137,9 +129,9 @@
 resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
 # debug:
 # msg: "{{ lookup('template', item) | from_yaml }}"
+ with_items:
+ - "{{ cert_manager_issuer }}"
- with_items:
- - "{{ cert_manager_issuer }}"
 when:
 - cert_manager_issuer is defined
diff --git a/templates/api-key-secret.yml.j2 b/templates/api-key-secret.yml.j2
index 5af3008..a595b0f 100644
--- a/templates/api-key-secret.yml.j2
+++ b/templates/api-key-secret.yml.j2
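Review bot: The new `when` on the api-key task gates on `item.dns_provider`, but clusterissuer.yml.j2 in this same patch reads the DNS provider per solver (`i.dns_provider` inside `{% for i in item.solvers %}`), so unless every issuer entry also carries a top-level `dns_provider` the condition is never true and no Secret is rendered, and an issuer with two dns01 solvers can get at most one Secret. Either document on the task that `dns_provider` is an issuer-level key that the solvers mirror, or iterate the solvers themselves so each one renders its own Secret. Because the rendered resource embeds base64 API keys and a looped task prints each item's result in verbose runs, this task should also carry `no_log: true`. The task's `- name:` and `kubernetes.core.k8s:` lines start above the hunk.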
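Review bot: `with_items: - "{{ cert_manager_issuer }}"` is expanded before the `when: cert_manager_issuer is defined` guard is evaluated, so an inventory that does not set the variable fails with an undefined-variable error instead of skipping the task; the same loop added to the api-key task in the previous hunk has no guard at all. Use `with_items: "{{ cert_manager_issuer | default([]) }}"` in both tasks, which also drops the extra list nesting that `with_items` only happens to flatten. The commented-out `# debug:` / `# msg:` lines kept above the loop are dead and could be removed with this change.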
@@ -2,13 +2,13 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: "{{ item.provider }}-api-key"
+ name: "{{ item.dns_provider }}-api-key"
 type: Opaque
 data:
-{% if item.provider == "cloudflare" %}
+{% if item.dns_provider == "cloudflare" %}
 api-key: "{{ item.cloudflare_api_key | b64encode }}"
-{% elif item.provider == "route53" %}
+{% elif item.dns_provider == "route53" %}
 secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}"
-{% elif item.provider == "ovh" %}
+{% elif item.dns_provider == "ovh" %}
 applicationSecret: "{{ item.applicationSecret | b64encode }}"
 {% endif %}
diff --git a/templates/clusterissuer.yml.j2 b/templates/clusterissuer.yml.j2
index 0d7cf37..561021a 100644
--- a/templates/clusterissuer.yml.j2
+++ b/templates/clusterissuer.yml.j2
@@ -4,14 +4,14 @@ kind: ClusterIssuer
 metadata:
 name: {{ item.name }}
 spec:
-{% if acme_provider is defined %}
+{% if item.acme_provider is defined %}
 acme:
-{% if acme_provider == "letsencrypt" %}
+{% if item.acme_provider == "letsencrypt" %}
 email: "{{ cert_manager_acme_email }}"
 server: https://acme-v02.api.letsencrypt.org/directory
 privateKeySecretRef:
 name: {{ item.name }}-account-key
-{% elif acme_provider == "zerossl" %}
+{% elif item.acme_provider == "zerossl" %}
 server: https://acme.zerossl.com/v2/DV90
 externalAccountBinding:
 keyID: YOUR_EAB_KID
@@ -25,7 +25,7 @@ spec:
 {% endif %}
 solvers:
-{% for i in item %}
+{% for i in item.solvers %}
 - {{ i.solver }}:
 {% if i.solver == "dns01" %}
 {% if i.dns_provider == "cloudflare" %}
@@ -58,9 +58,11 @@ spec:
 ingress:
 class: traefik
 {% endif %}
+{% if i.domain is defined %}
 selector:
 dnsZones:
 - "{{ i.domain }}"
+{% endif %}
 {% endfor %}
 {% else %}
 selfSigned: {}
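Review bot: The zerossl branch that the new `item.acme_provider == "zerossl"` test now selects still renders the literal placeholder `keyID: YOUR_EAB_KID` (last context line of the hunk), so choosing zerossl yields a ClusterIssuer with an invalid external-account binding; the value should come from an issuer-level variable (name to be chosen, e.g. `keyID: "{{ item.eab_key_id }}"`). `name: {{ item.name }}` and `name: {{ item.name }}-account-key` are emitted unquoted, so a numeric-looking issuer name is re-typed when the task runs the output through `from_yaml`; write `name: "{{ item.name }}"` and `name: "{{ item.name }}-account-key"`. The `{% if item.acme_provider is defined %}` block opened here closes outside the hunk.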
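Review bot: Making the selector conditional changes a solver's scope without saying so: a dns01 solver whose entry omits `domain` now has no `selector` at all, and cert-manager treats a selector-less solver as the issuer's default, matching any Certificate that no other solver's `dnsZones` claims. Add a Jinja comment above the new `{% if i.domain is defined %}`, e.g. `{# no domain: no selector, so this solver becomes the issuer's catch-all default #}`, so that omitting `domain` reads as deliberate rather than as a forgotten key. The `{% if item.acme_provider is defined %}` block that the `{% else %}` here belongs to starts above the hunk.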