k8s let's encrypt issuer and cert creation

2022-08-04 20:03:42 -04:00
parent 7410984c5e
commit 8c752b2b70
10 changed files with 171 additions and 11 deletions
--- a/ansible-5/roles/prod.k3s/tasks/cert_manager.yml
+++ b/ansible-5/roles/prod.k3s/tasks/cert_manager.yml
@@ -0,0 +1,34 @@
+---
+# https://cert-manager.io/docs/installation/helm/#installing-with-helm
+- name: install cert-manager
+  kubernetes.core.helm:
+    kubeconfig_path: "/etc/rancher/k3s/k3s.yaml"
+    atomic: true
+    name: cert-manager
+    chart_ref: jetstack/cert-manager
+    release_namespace: cert-manager
+    create_namespace: true
+    release_values:
+      installCRDs: true
+  become: true
+
+# create issuer
+- name: create let's encrypt issuers
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: present
+    definition: "{{ lookup('file', item) | from_yaml }}"
+  become: true
+  loop:
+    - 'cert-manager/acme.issuer.stg.yaml'
+    - 'cert-manager/acme.issuer.prod.yaml'
+
+- name: create let's encrypt certificates
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: present
+    definition: "{{ lookup('file', item) | from_yaml }}"
+  become: true
+  loop:
+    - 'cert-manager/certificate.xai-corp.stg.yaml'
+    - 'cert-manager/certificate.xai-corp.prod.yaml'
--- a/ansible-5/roles/prod.k3s/tasks/gluster.fstab.yml
+++ b/ansible-5/roles/prod.k3s/tasks/gluster.fstab.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Create glusterfs fstab entries
+  ansible.posix.mount:
+    path: "{{item.path}}"
+    src: "gluster:/{{item.name}}"
+    fstype: "glusterfs"
+    boot: false
+    opts: "direct-io-mode=disable,_netdev,x-systemd.automount 0 0"
+    state: "{{item.state}}"
+  with_items: "{{fstab.gluster}}"
+  become: true
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -2,19 +2,13 @@
 # provisioning services in k3s cluster

 # mount gluster
- name: Create glusterfs fstab entries
-  ansible.posix.mount:
-    path: "{{item.path}}"
-    src: "gluster:/{{item.name}}"
-    fstype: "glusterfs"
-    boot: false
-    opts: "direct-io-mode=disable,_netdev,x-systemd.automount 0 0"
-    state: "{{item.state}}"
-  with_items: "{{fstab.gluster}}"
-  become: true
+#- include_tasks: gluster.fstab.yml

 # add helm repositories
- include_tasks: add_repos.yml
+#- include_tasks: add_repos.yml
+
+
+- include_tasks: cert_manager.yml

 # https://artifacthub.io/packages/helm/twuni/docker-registry
 #- name: Deploy latest version of docker-registry in dev-tools namespace