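---
# Installs cert-manager from the Jetstack Helm repository, configures a
# Let's Encrypt production ClusterIssuer that solves DNS-01 challenges through
# Cloudflare, and requests a certificate for git.svc.pguia.com.

- name: Add Jetstack Helm Repo
  kubernetes.core.helm_repository:
    name: jetstack
    repo_url: https://charts.jetstack.io

# NOTE(review): no chart_version is set, so each run installs whatever chart
# version the repo currently serves. Pin chart_version to a reviewed release
# so upgrades are deliberate and reproducible.
- name: Install Cert Manager
  kubernetes.core.helm:
    name: cert-manager
    chart_ref: jetstack/cert-manager
    release_namespace: cert-manager
    create_namespace: true
    values:
      # NOTE(review): newer chart releases prefer crds.enabled over
      # installCRDs; confirm against the chart version you pin.
      installCRDs: true
      extraArgs:
        # Quoted so the leading dashes are never read as YAML syntax.
        - '--feature-gates=ExperimentalGatewayAPISupport=true'
    # Block until the release's resources are ready, so the tasks below do not
    # race the cert-manager CRDs and webhook.
    wait: true

# The token lets its holder edit DNS records, which is enough to pass DNS-01
# validation for the zone. Supply cloudflare_token from Ansible Vault or an
# external secret store, and scope the token to the minimum DNS permissions on
# the zones that need certificates.
- name: Create Cloudflare Secret
  kubernetes.core.k8s:
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: cloudflare-api-token
        namespace: cert-manager
      type: Opaque
      stringData:
        api-token: "{{ cloudflare_token }}"
  # Keep the rendered token out of task output, verbose logs and failure
  # dumps, all of which would otherwise echo the module arguments.
  no_log: true

# A ClusterIssuer resolves secret references in cert-manager's cluster
# resource namespace (by default the namespace cert-manager runs in), which is
# why the token Secret above lives in cert-manager.
- name: Create Cloudflare ClusterIssuer
  kubernetes.core.k8s:
    definition:
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-prod
      spec:
        acme:
          email: "{{ acme_email }}"
          # Let's Encrypt production endpoint; it is rate limited, so test
          # changes against the staging directory first.
          server: https://acme-v02.api.letsencrypt.org/directory
          # Secret in which cert-manager stores the ACME account private key.
          privateKeySecretRef:
            name: letsencrypt-prod-account-key
          solvers:
            - dns01:
                cloudflare:
                  email: "{{ acme_email }}"
                  apiTokenSecretRef:
                    name: cloudflare-api-token
                    key: api-token

# The issued certificate and its private key are written to the Secret
# git-svc-pguia-com-tls in the traefik namespace; restrict read access to
# Secrets in that namespace accordingly.
- name: Create Certificate for Gitea
  kubernetes.core.k8s:
    definition:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: git-svc-pguia-com-tls
        namespace: traefik
      spec:
        secretName: git-svc-pguia-com-tls
        issuerRef:
          name: letsencrypt-prod
          kind: ClusterIssuer
        dnsNames:
          - git.svc.pguia.com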