added k8s-cert-manager role

ansible/roles/k8s-cert-manager/README.md

@@ -0,0 +1,10 @@
+Role Name
+=========
+
+This roles installs cert-manager via helm with clusterissuer (staging and prod) for LetsEncrypt
+values.yaml and issuer manifests are in files/
+
+License
+-------
+
+BSD

ansible/roles/k8s-cert-manager/defaults/main.yml

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# defaults file for k8s-cert-manager

ansible/roles/k8s-cert-manager/files/clusterissuer-prod.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: admin@nyxsec.de
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

ansible/roles/k8s-cert-manager/files/clusterissuer-staging.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: admin@nyxsec.de
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

ansible/roles/k8s-cert-manager/handlers/main.yml

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# handlers file for k8s-cert-manager

ansible/roles/k8s-cert-manager/meta/main.yml

@@ -0,0 +1,35 @@
+#SPDX-License-Identifier: MIT-0
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/k8s-cert-manager/tasks/main.yml

@@ -0,0 +1,52 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for k8s-cert-manager
+
+- name: Add helm repository
+  kubernetes.core.helm_repository:
+    name: jetstack
+    repo_url: https://charts.jetstack.io
+    state: present
+
+- name: Copy value files
+  ansible.builtin.copy:
+    src: files/values.yaml
+    dest: ~/cert-manager-values.yaml
+
+- name: Copy clusterissuer-staging yaml
+  ansible.builtin.copy:
+    src: files/clusterissuer-staging.yaml
+    dest: ~/
+
+- name: Copy clusterissuer-prod yaml
+  ansible.builtin.copy:
+    src: files/clusterissuer-prod.yaml
+    dest: ~/
+
+- name: Install cert-manager
+  kubernetes.core.helm:
+    name: cert-manager
+    chart_ref: jetstack/cert-manager
+    namespace: cert-manager
+    create_namespace: true
+    atomic: true
+    kubeconfig: /etc/rancher/k3s/k3s.yaml
+    wait: yes
+    timeout: 600s
+    values:
+      installCRDs: true
+    values_files:
+      /root/cert-manager-values.yaml
+    state: present
+
+- name: Create staging clusterissuer for letsencrypt
+  kubernetes.core.k8s:
+    kubeconfig: /etc/rancher/k3s/k3s.yaml
+    state: present
+    src: /root/clusterissuer-staging.yaml
+
+- name: Create prod clusterissuer for letsencrypt
+  kubernetes.core.k8s:
+    kubeconfig: /etc/rancher/k3s/k3s.yaml
+    state: present
+    src: /root/clusterissuer-prod.yaml

ansible/roles/k8s-cert-manager/tests/inventory

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+localhost
+

ansible/roles/k8s-cert-manager/tests/test.yml

@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: MIT-0
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - k8s-cert-manager

ansible/roles/k8s-cert-manager/vars/main.yml

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# vars file for k8s-cert-manager