Serialize ClusterIssuers creation
Some checks failed
continuous-integration/drone/push Build is failing

Adrien Reslinger 2022-05-10 00:34:21 +02:00
parent 444ed560eb
commit 6d78359203
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
3 changed files with 17 additions and 23 deletions


@ -112,22 +112,14 @@
apply: true apply: true
namespace: "{{ cert_manager_namespace }}" namespace: "{{ cert_manager_namespace }}"
resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}" resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
with_items:
- "{{ cert_manager_issuer }}"
when:
- item.acme_provider is defined
- item.dns_provider is defined
# Tempo ici # Tempo ici
# - name: Define SelfSigned ClusterIssuer
# kubernetes.core.k8s:
# state: present
# context: "{{ my_context }}"
## namespace: "{{ cert_manager_namespace }}"
# definition:
# apiVersion: cert-manager.io/v1
# kind: ClusterIssuer
# metadata:
# name: selfsigned
# spec:
# selfSigned: {}
- name: Defined ClusterIssuers - name: Defined ClusterIssuers
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
@ -137,9 +129,9 @@
resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}" resource_definition: "{{ lookup('template', 'clusterissuer.yml.j2') | from_yaml }}"
# debug: # debug:
# msg: "{{ lookup('template', item) | from_yaml }}" # msg: "{{ lookup('template', item) | from_yaml }}"
with_items: with_items:
- "{{ cert_manager_issuer }}" - "{{ cert_manager_issuer }}"
when: when:
- cert_manager_issuer is defined - cert_manager_issuer is defined
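Review bot: The Secret task in the first hunk now loops over `cert_manager_issuer` (the added `with_items`), and Ansible prints every loop item in the task output, so any `cloudflare_api_key` or `applicationSecret` carried on the item lands in the play log and in the CI log. Add `no_log: true` to that task, or at least a `loop_control` with `label: "{{ item.name }}"` so only the issuer name is shown. The `Defined ClusterIssuers` loop in the second hunk iterates the same list and needs the same treatment. Both tasks start outside the visible hunks, so confirm `no_log` is not already set there.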


@ -2,13 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: "{{ item.provider }}-api-key" name: "{{ item.dns_provider }}-api-key"
type: Opaque type: Opaque
data: data:
{% if item.provider == "cloudflare" %} {% if item.dns_provider == "cloudflare" %}
api-key: "{{ item.cloudflare_api_key | b64encode }}" api-key: "{{ item.cloudflare_api_key | b64encode }}"
{% elif item.provider == "route53" %} {% elif item.dns_provider == "route53" %}
secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}" secret-access-key: "{{ lookup('hashi_vault', 'secret=clusters/route53:secret-access-key') | b64encode }}"
{% elif item.provider == "ovh" %} {% elif item.dns_provider == "ovh" %}
applicationSecret: "{{ item.applicationSecret | b64encode }}" applicationSecret: "{{ item.applicationSecret | b64encode }}"
{% endif %} {% endif %}
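Review bot: The Secret is still named after the provider alone (`name: "{{ item.dns_provider }}-api-key"`), and with the task now looping over every issuer, two issuers that share a provider but hold different credentials write to the same Secret, so the last one applied wins. Include the issuer in the name, for example `name: "{{ item.name }}-{{ item.dns_provider }}-api-key"`, and update the solver's secret reference in clusterissuer.yml.j2 to match (that reference is not visible in these hunks). The `if`/`elif` chain also has no `else`, so an unrecognised provider renders an empty `data:` and an empty Secret is applied silently; an `{% else %}` branch that fails the render would surface the typo. This template reads `item.dns_provider` while clusterissuer.yml.j2 reads `i.dns_provider` per solver, so confirm the inventory really sets the provider at issuer level, otherwise the task's `when` never matches.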


@ -4,14 +4,14 @@ kind: ClusterIssuer
metadata: metadata:
name: {{ item.name }} name: {{ item.name }}
spec: spec:
{% if acme_provider is defined %} {% if item.acme_provider is defined %}
acme: acme:
{% if acme_provider == "letsencrypt" %} {% if item.acme_provider == "letsencrypt" %}
email: "{{ cert_manager_acme_email }}" email: "{{ cert_manager_acme_email }}"
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
name: {{ item.name }}-account-key name: {{ item.name }}-account-key
{% elif acme_provider == "zerossl" %} {% elif item.acme_provider == "zerossl" %}
server: https://acme.zerossl.com/v2/DV90 server: https://acme.zerossl.com/v2/DV90
externalAccountBinding: externalAccountBinding:
keyID: YOUR_EAB_KID keyID: YOUR_EAB_KID
@ -25,7 +25,7 @@ spec:
{% endif %} {% endif %}
solvers: solvers:
{% for i in item %} {% for i in item.solvers %}
- {{ i.solver }}: - {{ i.solver }}:
{% if i.solver == "dns01" %} {% if i.solver == "dns01" %}
{% if i.dns_provider == "cloudflare" %} {% if i.dns_provider == "cloudflare" %}
@ -58,9 +58,11 @@ spec:
ingress: ingress:
class: traefik class: traefik
{% endif %} {% endif %}
{% if i.domain is defined %}
selector: selector:
dnsZones: dnsZones:
- "{{ i.domain }}" - "{{ i.domain }}"
{% endif %}
{% endfor %} {% endfor %}
{% else %} {% else %}
selfSigned: {} selfSigned: {}
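Review bot: The branch selected by the new `{% elif item.acme_provider == "zerossl" %}` still renders the literal placeholder `keyID: YOUR_EAB_KID`, so an issuer configured with that provider is created with an external account binding that cannot be valid. Take the key ID from the item or from a vault lookup, for example `keyID: "{{ item.eab_kid }}"` (variable name constructed here), and keep the matching HMAC key in a Secret rather than in the template. The rest of that branch lies outside the hunk, so check what it references. Separately, `{% for i in item.solvers %}` fails with an undefined-variable error on an ACME issuer that has no `solvers` list, and an assertion in the calling task would make that failure easier to read.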