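# Installs cert-manager from the jetstack Helm repository, creates the API-key
# Secret(s) and ClusterIssuer(s) from local templates, optionally installs the
# OVH DNS01 webhook, then includes the CSI driver tasks.
#
# NOTE(review): this task list was reconstructed from a whitespace-collapsed
# source. The nesting used here (OVH webhook block inside the setup block,
# its `when` on the block itself, `tags: cert-manager` on the outer block) is
# the most plausible reading - confirm against the original file.
- name: Cert Manager setup
  block:
    - name: Defined jetstack repository
      community.kubernetes.helm_repository:
        name: jetstack
        repo_url: "https://charts.jetstack.io"

    # NOTE(review): no chart_version is set, so the release follows whatever
    # chart the repository currently serves. Pin it so upgrades are reviewed
    # and reproducible, e.g. chart_version: "<PINNED_CHART_VERSION>".
    - name: Deploy latest version of Cert-Manager
      community.kubernetes.helm:
        context: "{{ my_context }}"
        name: cert-manager
        chart_ref: jetstack/cert-manager
        create_namespace: true
        release_namespace: "{{ cert_manager_namespace }}"
        values:
          installCRDs: true
          global:
            # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25;
            # confirm the target cluster still serves this API.
            podSecurityPolicy:
              enabled: true
              useAppArmor: false
          extraArgs:
            # DNS01 self-checks are sent to these public resolvers, so the
            # cert-manager pod needs egress to them on port 53.
            - "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"

    # Renders api-key-secret.yml.j2 for each entry of cert_manager_issuer and
    # applies the result. no_log keeps the rendered manifest and the loop
    # item (which presumably carry the API key) out of task output and logs.
    - name: Create Secret object for API Key authentification
      community.kubernetes.k8s:
        state: present
        context: "{{ my_context }}"
        apply: true
        namespace: "{{ cert_manager_namespace }}"
        resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
      when:
        - cert_manager_issuer is defined
      with_items:
        - "{{ cert_manager_issuer }}"
      no_log: true

    # Applies the ClusterIssuer manifest(s) rendered from clusterissuer.yml.j2.
    - name: Defined ClusterIssuers
      community.kubernetes.k8s:
        state: present
        context: "{{ my_context }}"
        apply: true
        namespace: "{{ cert_manager_namespace }}"
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      # debug:
      #   msg: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        - clusterissuer.yml.j2
      when:
        # - false
        - cert_manager_issuer is defined

    # https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
    # NOTE(review): this block is disabled by the literal `false` in its
    # `when` list. Before re-enabling it:
    #   * the git task sets no `version`, so it checks out the remote HEAD and
    #     the chart deployed into the cluster tracks whatever upstream last
    #     pushed; pin it to a reviewed commit,
    #     e.g. version: "<REVIEWED_COMMIT_SHA>";
    #   * `cert_manager_issuer.[].provider` is not a valid Jinja2 expression
    #     and will fail once it is actually evaluated;
    #   * `dest` and `chart_ref` are relative paths - confirm which working
    #     directory they resolve against.
    - name: Install OVH webhook
      block:
        - name: Git clone stable repo on HEAD
          ansible.builtin.git:
            repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
            dest: tmp/cert-manager-webhook-ovh

        - name: Deploy OVH webhook chart from local path
          community.kubernetes.helm:
            state: present
            context: "{{ my_context }}"
            name: cert-manager-webhook-ovh
            chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
            release_namespace: "{{ cert_manager_namespace }}"
      when:
        - false
        - cert_manager_issuer.[].provider == "ovh"
  tags: cert-manager

# Runs csi.yml only when certmanager_csi evaluates to true.
- name: install / uninstall Cert-Manager CSI Kubernetes drivers
  ansible.builtin.include_tasks: "csi.yml"
  when:
    - certmanager_csi|bool
  tags:
    - cert-manager
    - storage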