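---
# Installs cert-manager through Helm, stores the DigitalOcean API token as a
# Kubernetes Secret, and creates one ACME ClusterIssuer per entry in
# k8s_certmanager_helm__cluster_issuers. Every task is limited to the first
# host of the 'kube-master' group so the cluster is only modified once.

- name: k8s-certmanager | install cert-manager via helm
  community.kubernetes.helm:
    name: cert-manager
    chart_ref: "{{ k8s_certmanager_helm__chart_ref | default('jetstack/cert-manager') }}"
    chart_version: "{{ k8s_certmanager_helm__chart_version | default('v1.5.4') }}"
    release_namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
    # Canonical boolean instead of the YAML 1.1 truthy value 'yes'.
    create_namespace: true
    # No default here: the play fails if the variable is undefined.
    release_values: "{{ k8s_certmanager_helm__release_values }}"
  when:
    - inventory_hostname == groups['kube-master'][0]

- name: k8s-certmanager | create secret for digitalocean-dns
  community.kubernetes.k8s:
    definition:
      # Kubernetes manifests use 'apiVersion'; 'api_version' is the name of
      # the module option, not a manifest field.
      apiVersion: v1
      kind: Secret
      metadata:
        namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
        name: digitalocean-dns
      type: Opaque
      data:
        # base64 is an encoding, not encryption: treat the rendered value as
        # the plaintext token.
        access-token: "{{ digitalocean_authentication_token | string | b64encode }}"
  # Keep the rendered definition (and with it the API token) out of task
  # output, verbose logs and callback plugins.
  no_log: true
  when:
    - inventory_hostname == groups['kube-master'][0]

# NOTE(review): the task name says 'letsencrypt_prod', but the loop creates
# one ClusterIssuer for every key in k8s_certmanager_helm__cluster_issuers.
- name: k8s-certmanager | create ClusterIssuer_letsencrypt_prod
  community.kubernetes.k8s:
    definition:
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: "letsencrypt-{{ item.key }}"
      spec:
        acme:
          email: "{{ item.value.email }}"
          server: "{{ item.value.server }}"
          # NOTE(review): every issuer created by the loop points at the same
          # account-key Secret; confirm that sharing one ACME account key
          # across different ACME servers is intended.
          privateKeySecretRef:
            name: issuer-account-key
          solvers:
            - dns01:
                digitalocean:
                  # Must match the name and data key of the Secret created
                  # by the previous task.
                  tokenSecretRef:
                    name: digitalocean-dns
                    key: access-token
              # Restricts this solver to the listed DNS zone.
              selector:
                dnsZones:
                  - 'smardigo.digital'
  loop: "{{ k8s_certmanager_helm__cluster_issuers | dict2items }}"
  when:
    - inventory_hostname == groups['kube-master'][0]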