You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
---
|
|
|
|
### tags:
|
|
### cert-manager
|
|
|
|
- name: Install cert-manager via helm
|
|
become: yes
|
|
kubernetes.core.helm:
|
|
name: cert-manager
|
|
chart_ref: "{{ k8s_certmanager_helm__chart_ref }}"
|
|
chart_repo_url: "{{ k8s_certmanager_helm__chart_repo_url }}"
|
|
release_namespace: "{{ k8s_certmanager_helm__release_namespace }}"
|
|
create_namespace: yes
|
|
release_values: "{{ k8s_certmanager_helm__release_values }}"
|
|
when:
|
|
- inventory_hostname == groups['kube_control_plane'][0]
|
|
tags:
|
|
- cert-manager
|
|
|
|
- name: Create secret for digitalocean-dns
|
|
become: yes
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
api_version: v1
|
|
kind: Secret
|
|
metadata:
|
|
namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
|
|
name: digitalocean-dns
|
|
type: Opaque
|
|
data:
|
|
access-token: "{{ digitalocean_authentication_token | string | b64encode }}"
|
|
when:
|
|
- inventory_hostname == groups['kube_control_plane'][0]
|
|
tags:
|
|
- cert-manager
|
|
|
|
- name: Create ClusterIssuer for letsencrypt (prod/staging)
|
|
become: yes
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
api_version: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: "letsencrypt-{{ item.key }}"
|
|
spec:
|
|
acme:
|
|
email: "{{ item.value.email }}"
|
|
server: "{{ item.value.server }}"
|
|
privateKeySecretRef:
|
|
name: issuer-account-key
|
|
solvers:
|
|
- dns01:
|
|
digitalocean:
|
|
tokenSecretRef:
|
|
name: digitalocean-dns
|
|
key: access-token
|
|
selector:
|
|
dnsZones:
|
|
- 'smardigo.digital'
|
|
loop: "{{ k8s_certmanager_helm__cluster_issuers | dict2items }}"
|
|
when:
|
|
- inventory_hostname == groups['kube_control_plane'][0]
|
|
tags:
|
|
- cert-manager
|