---
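# Fetch the cert-manager release manifest for cert_manager_version into
# files/ under the first Ansible search path. `creates` skips the request
# when that file already exists.
#
# NOTE(review): the manifest is fetched over HTTPS but its content is not
# verified, and the following task applies it to the cluster. Consider
# recording a known-good digest per cert_manager_version and checking it
# before the apply (ansible.builtin.get_url offers a `checksum` parameter).
# NOTE(review): because of `creates`, a file already present at `dest` is
# never re-fetched or re-checked, so its integrity rests on who can write
# to that directory.
- name: download the cert manager manifest
  ansible.builtin.uri:
    url: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
    dest: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
    # Quoted so Ansible receives the octal mode as a string and converts it
    # itself rather than depending on the YAML parser's integer handling.
    # NOTE(review): 0664 leaves the manifest group-writable; "0644" would
    # suffice if only the owner needs to replace it.
    mode: "0664"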
# Apply the downloaded cert-manager manifest to the cluster.
# NOTE(review): every object in this file is created with whatever
# credentials the k8s module runs under, and the release manifest presumably
# carries CRDs and cluster-scoped RBAC, so the file's integrity should be
# established before this task runs.
- name: install cert manager manifest to cluster
  kubernetes.core.k8s:
    src: "{{ ansible_search_path[0] }}/files/cert_manager_{{ cert_manager_version }}.yaml"
    state: present
# Placeholder fact for the ACME account secret; no value is defined yet, so
# the fact is set to null (written explicitly instead of a bare empty key).
# NOTE(review): the ClusterIssuer in this file points privateKeySecretRef at
# cert-manager-secret-acme. cert-manager normally generates the ACME account
# key and stores it under that name itself; confirm whether this fact is
# needed at all.
- name: set fact for acme account secret
  ansible.builtin.set_fact:
    cert_manager_acme_secret: null
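# Build the Secret that holds the TSIG key used for RFC 2136 DNS-01 updates.
# Its name and its `key` entry must match the ClusterIssuer's
# tsigSecretSecretRef in this file (cert-manager-secret-tsig / key).
- name: set fact for dns tsig secret
  ansible.builtin.set_fact:
    cert_manager_secret_tsig:
      apiVersion: v1
      kind: Secret
      metadata:
        # Previously cert-manager-secret-acme, which is the name the issuer
        # uses for its ACME account key (privateKeySecretRef), not the name
        # it looks up for the TSIG key.
        name: cert-manager-secret-tsig
        # TODO: not set yet.
        # NOTE(review): a ClusterIssuer reads referenced Secrets from
        # cert-manager's cluster resource namespace (the cert-manager
        # namespace by default); confirm and set accordingly.
        namespace: null
      type: Opaque
      # stringData is a mapping of entry name to value; the earlier block
      # scalar (`|`) turned it into a plain string.
      stringData:
        # TODO: supply the TSIG key from Ansible Vault or another secret
        # store rather than committing it in this file. null is a
        # placeholder; the Secret is not usable until a value is provided.
        key: null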
# Define the ClusterIssuer that requests certificates from the Let's Encrypt
# staging endpoint and answers DNS-01 challenges through RFC 2136 dynamic
# updates authenticated with a TSIG key.
# Certificates from the staging endpoint are not publicly trusted; this
# issuer is suitable for testing the flow only.
- name: set cert issuer fact
  ansible.builtin.set_fact:
    cert_issuer:
      apiVersion: 'cert-manager.io/v1'
      kind: 'ClusterIssuer'
      metadata:
        name: 'lets-encrypt-staging'
      spec:
        acme:
          email: 'lets-encrypt@balsillie.email'
          server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
          # Secret where the ACME account private key is kept.
          privateKeySecretRef:
            name: 'cert-manager-secret-acme'
          solvers:
            - dns01:
                rfc2136:
                  # Quoted because the value is made of colon-separated
                  # groups and must stay a string.
                  # NOTE(review): cert-manager documents this field as
                  # host:port with IPv6 hosts in square brackets. As written
                  # it is ambiguous whether ":53" is the port or the last
                  # group of the address; confirm and bracket the address.
                  nameserver: '2a01:4f8:13b:f203::ecc:53'
                  tsigKeyName: 'cert-manager-tsig'
                  tsigAlgorithm: 'HMACSHA512'
                  # Secret name and entry that hold the TSIG key; the Secret
                  # created for it must use the same name and entry.
                  tsigSecretSecretRef:
                    name: 'cert-manager-secret-tsig'
                    key: 'key'