feat: 🎸 initial commit

roles/cert_manager/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+- name: Add Jetstack Helm Repo
+  kubernetes.core.helm_repository:
+    name: jetstack
+    repo_url: https://charts.jetstack.io
+
+- name: Install Cert Manager
+  kubernetes.core.helm:
+    name: cert-manager
+    chart_ref: jetstack/cert-manager
+    release_namespace: cert-manager
+    create_namespace: true
+    values:
+      installCRDs: true
+      extraArgs:
+        - --feature-gates=ExperimentalGatewayAPISupport=true
+    wait: true
+
+- name: Create Cloudflare Secret
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: cloudflare-api-token
+        namespace: cert-manager
+      type: Opaque
+      stringData:
+        api-token: "{{ cloudflare_token }}"
+
+- name: Create Cloudflare ClusterIssuer
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: cert-manager.io/v1
+      kind: ClusterIssuer
+      metadata:
+        name: letsencrypt-prod
+      spec:
+        acme:
+          email: "{{ acme_email }}"
+          server: https://acme-v02.api.letsencrypt.org/directory
+          privateKeySecretRef:
+            name: letsencrypt-prod-account-key
+          solvers:
+          - dns01:
+              cloudflare:
+                email: "{{ acme_email }}"
+                apiTokenSecretRef:
+                  name: cloudflare-api-token
+                  key: api-token
+
+- name: Create Certificate for Gitea
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      metadata:
+        name: git-svc-pguia-com-tls
+        namespace: traefik
+      spec:
+        secretName: git-svc-pguia-com-tls
+        issuerRef:
+          name: letsencrypt-prod
+          kind: ClusterIssuer
+        dnsNames:
+        - git.svc.pguia.com