- name: Cert Manager setup
  block:
  - name: Defined jetstack repository
    community.kubernetes.helm_repository:
      name: jetstack
      repo_url: "https://charts.jetstack.io"

  - name: Deploy latest version of Cert-Manager
    community.kubernetes.helm:
      context: "{{ my_context }}"
      name: cert-manager
      chart_ref: jetstack/cert-manager
      create_namespace: yes
      release_namespace: "{{ cert_manager_namespace }}"
      values:
        installCRDs: true
        global:
          podSecurityPolicy:
            enabled: true
            useAppArmor: false

  - name: Create Secret object for API Key authentification
    k8s:
      state: present
      context: "{{ my_context }}"
      apply: true
      namespace: "{{ cert_manager_namespace }}"
      resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
    when:
      - cert_manager_issuer is defined
    with_items:
      - "{{ cert_manager_issuer }}"

  - name: Defined ClusterIssuers
    k8s:
      state: present
      context: "{{ my_context }}"
      apply: true
      namespace: "{{ cert_manager_namespace }}"
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
#    debug:
#      msg: "{{ lookup('template', item) | from_yaml }}"
    with_items:
      - clusterissuer.yml.j2
    when:
#      - false
      - cert_manager_issuer is defined

  tags: cert-manager



- name: install / uninstall Cert-Manager CSI Kubernetes drivers
  include_tasks: "csi.yml"
  when:
    - certmanager_csi|bool
  tags:
    - cert-manager
    - storage