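---
# Deploys cert-manager with Helm, stores the DigitalOcean API token as a
# Kubernetes Secret, and creates ACME ClusterIssuers that solve DNS-01
# challenges through that token. Every task is gated to the first host of the
# kube_control_plane group, so it is applied from a single host only.

- name: Install cert-manager via helm
  kubernetes.core.helm:
    name: cert-manager
    chart_repo_url: "{{ k8s_certmanager_helm__chart_repo_url | default('https://charts.jetstack.io') }}"
    chart_ref: "{{ k8s_certmanager_helm__chart_ref | default('cert-manager') }}"
    # The chart version is pinned by default; set
    # k8s_certmanager_helm__chart_version to upgrade deliberately.
    chart_version: "{{ k8s_certmanager_helm__chart_version | default('v1.5.4') }}"
    release_namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
    create_namespace: true
    # No default is given here: k8s_certmanager_helm__release_values must be
    # defined by the inventory or role defaults.
    release_values: "{{ k8s_certmanager_helm__release_values }}"
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

# The dns01 solver of the ClusterIssuer below reads this Secret through
# tokenSecretRef (name digitalocean-dns, key access-token).
# base64 in `data` is an encoding, not encryption: anyone who can read Secrets
# in this namespace can recover the token.
- name: Create secret for digitalocean-dns
  kubernetes.core.k8s:
    definition:
      # NOTE(review): Kubernetes manifests spell this field `apiVersion`;
      # confirm the module honours `api_version` inside `definition`.
      api_version: v1
      kind: Secret
      metadata:
        namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
        name: digitalocean-dns
      type: Opaque
      data:
        access-token: "{{ digitalocean_authentication_token | string | b64encode }}"
  # The rendered definition carries the API token; keep the task's arguments
  # and result out of console output, callbacks and log files.
  no_log: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

# Creates one ClusterIssuer per entry of k8s_certmanager_helm__cluster_issuers,
# named letsencrypt-<key>; each entry supplies `email` and `server`.
- name: Create ClusterIssuer_letsencrypt_prod
  kubernetes.core.k8s:
    definition:
      # NOTE(review): same `api_version` / `apiVersion` question as in the
      # Secret task; without the group the ClusterIssuer kind cannot resolve.
      api_version: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: "letsencrypt-{{ item.key }}"
      spec:
        acme:
          email: "{{ item.value.email }}"
          server: "{{ item.value.server }}"
          # NOTE(review): every issuer produced by the loop uses the same
          # account-key secret name; confirm this is intended when entries
          # point at different ACME servers.
          privateKeySecretRef:
            name: issuer-account-key
          solvers:
            - dns01:
                digitalocean:
                  tokenSecretRef:
                    name: digitalocean-dns
                    key: access-token
              # The solver is limited to this DNS zone.
              selector:
                dnsZones:
                  - 'smardigo.digital'
  loop: "{{ k8s_certmanager_helm__cluster_issuers | dict2items }}"
  when:
    - inventory_hostname == groups['kube_control_plane'][0]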