Adrien Reslinger
e35eca8e87
All checks were successful
continuous-integration/drone/push Build is passing
104 lines
3.1 KiB
YAML
104 lines
3.1 KiB
YAML
- name: Cert Manager setup
|
|
block:
|
|
- name: Defined jetstack repository
|
|
community.kubernetes.helm_repository:
|
|
name: jetstack
|
|
repo_url: "https://charts.jetstack.io"
|
|
|
|
- name: Deploy latest version of Cert-Manager
|
|
community.kubernetes.helm:
|
|
context: "{{ my_context }}"
|
|
name: cert-manager
|
|
chart_ref: jetstack/cert-manager
|
|
chart_version: "{{ certmanager_version }}"
|
|
create_namespace: yes
|
|
release_namespace: "{{ cert_manager_namespace }}"
|
|
values:
|
|
installCRDs: true
|
|
global:
|
|
podSecurityPolicy:
|
|
enabled: true
|
|
useAppArmor: false
|
|
extraArgs:
|
|
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
|
|
|
- name: Create Secret object for API Key authentification
|
|
k8s:
|
|
state: present
|
|
context: "{{ my_context }}"
|
|
apply: true
|
|
namespace: "{{ cert_manager_namespace }}"
|
|
resource_definition: "{{ lookup('template', 'api-key-secret.yml.j2') | from_yaml }}"
|
|
when:
|
|
- cert_manager_issuer is defined
|
|
with_items:
|
|
- "{{ cert_manager_issuer }}"
|
|
|
|
# Tempo ici
|
|
|
|
- name: Defined ClusterIssuers
|
|
k8s:
|
|
state: present
|
|
context: "{{ my_context }}"
|
|
apply: true
|
|
namespace: "{{ cert_manager_namespace }}"
|
|
resource_definition: "{{ lookup('template', item) | from_yaml }}"
|
|
# debug:
|
|
# msg: "{{ lookup('template', item) | from_yaml }}"
|
|
with_items:
|
|
- clusterissuer.yml.j2
|
|
when:
|
|
# - false
|
|
- cert_manager_issuer is defined
|
|
|
|
# https://github.com/baarde/cert-manager-webhook-ovh/tree/master/deploy/cert-manager-webhook-ovh
|
|
- name: Install OVH webhook
|
|
block:
|
|
- name: Git clone stable repo on HEAD
|
|
ansible.builtin.git:
|
|
repo: "https://github.com/baarde/cert-manager-webhook-ovh.git"
|
|
dest: tmp/cert-manager-webhook-ovh
|
|
|
|
- name: Deploy OVH webhook chart from local path
|
|
run_once: true
|
|
community.kubernetes.helm:
|
|
state: present
|
|
context: "{{ my_context }}"
|
|
name: cert-manager-webhook-ovh
|
|
chart_ref: tmp/cert-manager-webhook-ovh/deploy/cert-manager-webhook-ovh
|
|
release_namespace: "{{ cert_manager_namespace }}"
|
|
values:
|
|
# groupName: '{{ cert_manager_issuer | selectattr("provider", "match", "ovh") | first }}'
|
|
groupName: '{{ cert_manager_issuer | json_query(\"[?provider=="ovh"]\") | first }}'
|
|
# with_items:
|
|
# - "{{ cert_manager_issuer | selectattr('ovh', 'in', provider) }}"
|
|
# when:
|
|
# - item.provider == "ovh"
|
|
|
|
- name: OVH WebHook dependency
|
|
k8s:
|
|
state: present
|
|
context: "{{ my_context }}"
|
|
apply: true
|
|
namespace: "{{ cert_manager_namespace }}"
|
|
resource_definition: "{{ lookup('template', item) | from_yaml }}"
|
|
with_items:
|
|
- cert-manager-webhook-ovh-Role.yml.j2
|
|
- cert-manager-webhook-ovh-RoleBinding.yml.j2
|
|
|
|
when:
|
|
- false
|
|
- cert_manager_issuer is defined
|
|
- cert_manager_issuer.[].provider == "ovh"
|
|
|
|
tags: cert-manager
|
|
|
|
|
|
|
|
- name: install / uninstall Cert-Manager CSI Kubernetes drivers
|
|
include_tasks: "csi.yml"
|
|
when:
|
|
- certmanager_csi|bool
|
|
tags:
|
|
- cert-manager
|
|
- storage
|