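---
# Installs cert-manager from the upstream release manifest and builds, as
# facts, a TSIG Secret and a Let's Encrypt staging ClusterIssuer that solves
# DNS-01 challenges via RFC 2136. The set_fact tasks only define manifests;
# no task shown here applies them to the cluster.

# NOTE(review): the manifest is fetched over HTTPS but its content is never
# verified before the next task applies it to the cluster. Consider pinning
# a digest per cert_manager_version (ansible.builtin.get_url accepts
# `checksum`) and failing the play on a mismatch.
# NOTE(review): `creates` skips the download whenever the file already
# exists, so a stale or locally modified copy is reused as-is.
- name: download the cert manager manifest
  ansible.builtin.uri:
    url: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
    dest: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
    # Quoted so the mode reaches Ansible as a string instead of relying on
    # the YAML parser's octal handling.
    # NOTE(review): 0664 is group-writable; this file is later applied to
    # the cluster, so a tighter mode such as "0644" may be preferable.
    mode: "0664"

- name: install cert manager manifest to cluster
  kubernetes.core.k8s:
    state: present
    src: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"

# Placeholder: the fact is set to null (the source left the value empty).
- name: set fact for acme account secret
  ansible.builtin.set_fact:
    cert_manager_acme_secret: null

# Secret holding the TSIG key that the rfc2136 solver uses to sign DNS
# updates. Keep the key material out of version control (for example in
# Ansible Vault) rather than writing it into this file.
- name: set fact for dns tsig secret
  ansible.builtin.set_fact:
    cert_manager_secret_tsig:
      apiVersion: v1
      kind: Secret
      metadata:
        # Matches tsigSecretSecretRef.name in the issuer below. The previous
        # value, cert-manager-secret-acme, is the issuer's
        # privateKeySecretRef (the ACME account key) and would collide.
        name: cert-manager-secret-tsig
        # NOTE(review): left unset. A ClusterIssuer resolves referenced
        # Secrets in cert-manager's cluster resource namespace
        # (`cert-manager` by default); set this before applying.
        namespace: null
      type: Opaque
      # NOTE(review): as written this is a block scalar (the string
      # "key:"), but Kubernetes expects stringData to be a mapping. The
      # issuer below reads the entry named `key`, so this should become
      # a mapping with a `key` entry whose value is the TSIG secret.
      stringData: |
        key:
  # Keeps the fact out of task output and logs once it carries the key.
  no_log: true

# ClusterIssuer for the Let's Encrypt staging ACME endpoint, solving DNS-01
# challenges with TSIG-signed RFC 2136 updates.
- name: set cert issuer fact
  ansible.builtin.set_fact:
    cert_issuer:
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: lets-encrypt-staging
      spec:
        acme:
          email: lets-encrypt@balsillie.email
          server: https://acme-staging-v02.api.letsencrypt.org/directory
          # Secret in which the ACME account private key is stored.
          privateKeySecretRef:
            name: cert-manager-secret-acme
          solvers:
            - dns01:
                rfc2136:
                  # Quoted so the colon-separated value is always read as a
                  # string.
                  # NOTE(review): cert-manager documents that an IPv6
                  # nameserver must be enclosed in square brackets, with an
                  # optional port after them. Confirm whether the trailing
                  # `:53` is part of the address or a port, and bracket it.
                  nameserver: '2a01:4f8:13b:f203::ecc:53'
                  tsigKeyName: cert-manager-tsig
                  tsigAlgorithm: HMACSHA512
                  tsigSecretSecretRef:
                    name: cert-manager-secret-tsig
                    key: key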