---
# Apply the namespace manifest so the namespace exists before the chart is
# installed into it. kubectl is invoked through argv (no shell), so the
# templated path reaches kubectl as a single argument and is never
# interpreted by a shell.
- name: Create cert-manager namespace
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - '-f'
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/cert-manager/namespace.yaml"
  # Always reported as changed; kubectl's output is not inspected to tell
  # "created" from "unchanged".
  changed_when: true
  # Select the target cluster explicitly instead of relying on the
  # invoking user's default kubeconfig.
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
# Install or upgrade the cert-manager release in the cert-manager namespace
# and block until Helm reports the release ready (--wait).
#
# The chart is referenced as jetstack/cert-manager, so a Helm repository
# aliased "jetstack" must already be configured on the host running this
# task; that step is not visible in this file.
#
# NOTE(review): --version pins which chart is fetched but does not
# authenticate it. If provenance files are published for this chart,
# consider adding Helm's --verify flag with a trusted keyring, and keep the
# repository URL on HTTPS.
- name: Install cert-manager
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - '--install'
      - cert-manager
      - jetstack/cert-manager
      - '--namespace'
      - cert-manager
      - '--version'
      - 'v1.20.0'
      - '-f'
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/cert-manager/values.yaml"
      - '--wait'
  # Always reported as changed, whether or not Helm altered the release.
  changed_when: true
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
# Pull in the tasks from from_env.yml at runtime. Judging by the task name,
# they create Secrets from values in a repository-level .env file; the
# included file is not visible here.
#
# NOTE(review): confirm the included tasks set no_log: true wherever a
# secret value is passed to a module, and that the .env file is excluded
# from version control.
- name: Apply secrets from repository .env (optional)
  ansible.builtin.include_tasks:
    file: from_env.yml
# Read-only probe for the Secret cert-manager/cloudflare-dns-api-token.
# No -o flag is passed, so kubectl prints its default summary table rather
# than the Secret's data; the registered result therefore carries no token
# material.
- name: Check Cloudflare DNS API token Secret (required for ClusterIssuers)
  ansible.builtin.command:
    argv:
      - kubectl
      - '-n'
      - cert-manager
      - get
      - secret
      - cloudflare-dns-api-token
  # The probe never mutates the cluster.
  changed_when: false
  # Any kubectl failure is tolerated here. A non-zero rc can therefore mean
  # "Secret absent" but also an unreachable API server or an RBAC denial;
  # consumers of noble_cf_secret.rc cannot tell these apart without
  # inspecting stderr.
  failed_when: false
  register: noble_cf_secret
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
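# Emit a warning when the preceding Secret probe returned a non-zero exit
# code. This is a debug message only: it does not fail or stop the play, so
# later tasks still run without the Secret.
#
# The probe is registered with failed_when: false, so rc != 0 covers every
# kubectl failure, not just NotFound. kubectl's own stderr is appended to
# the message so an operator can tell a missing Secret from an API or
# permission error. That stderr is kubectl's error text for a `get secret`
# call and does not contain Secret data.
#
# Both conditions must hold:
#   - noble_cert_manager_require_cloudflare_secret is truthy (defaults to
#     true when undefined);
#   - the probe's return code is non-zero.
- name: Warn when Cloudflare Secret is missing
  ansible.builtin.debug:
    msg: >-
      Secret cert-manager/cloudflare-dns-api-token not found.
      Create it per clusters/noble/bootstrap/cert-manager/README.md before ClusterIssuers can succeed.
      kubectl reported: {{ noble_cf_secret.stderr | default('no stderr output', true) | trim }}
  when:
    - noble_cert_manager_require_cloudflare_secret | default(true) | bool
    - noble_cf_secret.rc != 0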
# Apply the kustomization rooted at the cert-manager bootstrap directory
# (kubectl apply -k). Per the task name this creates the staging and
# production ClusterIssuers; the kustomization itself is not visible here.
#
# The task has no `when` guard, so it runs even if the Cloudflare token
# Secret was reported missing earlier in the play.
- name: Apply ClusterIssuers (staging + prod)
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - '-k'
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/cert-manager"
  # Always reported as changed; kubectl's output is not inspected.
  changed_when: true
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"