cert issuer and ingress controller

2022-12-09 21:26:01 +13:00
parent b352a796e0
commit a985895225
7 changed files with 1458 additions and 3 deletions
--- a/ansible/roles/k8s_cert_manager/tasks/main.yaml
+++ b/ansible/roles/k8s_cert_manager/tasks/main.yaml
@ -9,4 +9,43 @@
 - name: install cert manager manifest to cluster
  kubernetes.core.k8s:
    state: present
-    src: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
+    src: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
+
+- name: set fact for acme account secret
+  ansible.builtin.set_fact:
+    cert_manager_acme_secret:
+
+- name: set fact for dns tsig secret
+  ansible.builtin.set_fact:
+    cert_manager_secret_tsig:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: cert-manager-secret-acme
+        namespace: 
+      type: Opaque
+      stringData: |
+        key: 
+
+- name: set cert issuer fact
+  ansible.builtin.set_fact:
+    cert_issuer:
+      apiVersion: cert-manager.io/v1
+      kind: ClusterIssuer
+      metadata:
+        name: lets-encrypt-staging
+      spec:
+        acme:
+          email: lets-encrypt@balsillie.email
+          server: https://acme-staging-v02.api.letsencrypt.org/directory
+          privateKeySecretRef:
+            name: cert-manager-secret-acme
+          solvers:
+            - dns01:
+                rfc2136:
+                  nameserver: 2a01:4f8:13b:f203::ecc:53
+                  tsigKeyName: cert-manager-tsig
+                  tsigAlgorithm: HMACSHA512
+                  tsigSecretSecretRef:
+                    name: cert-manager-secret-tsig
+                    key: key