115 lines
2.9 KiB
YAML
115 lines
2.9 KiB
YAML
---
|
|
- name: Add Jetstack Helm Repo
|
|
kubernetes.core.helm_repository:
|
|
name: jetstack
|
|
repo_url: https://charts.jetstack.io
|
|
|
|
- name: Install Cert Manager
|
|
kubernetes.core.helm:
|
|
name: cert-manager
|
|
chart_ref: jetstack/cert-manager
|
|
release_namespace: cert-manager
|
|
create_namespace: true
|
|
values:
|
|
installCRDs: true
|
|
extraArgs:
|
|
- --feature-gates=ExperimentalGatewayAPISupport=true
|
|
wait: true
|
|
|
|
- name: Create Cloudflare Secret
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cloudflare-api-token
|
|
namespace: cert-manager
|
|
type: Opaque
|
|
stringData:
|
|
api-token: "{{ cloudflare_token }}"
|
|
|
|
- name: Create Cloudflare ClusterIssuer
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: letsencrypt-prod
|
|
spec:
|
|
acme:
|
|
email: "{{ acme_email }}"
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
privateKeySecretRef:
|
|
name: letsencrypt-prod-account-key
|
|
solvers:
|
|
- dns01:
|
|
cloudflare:
|
|
email: "{{ acme_email }}"
|
|
apiTokenSecretRef:
|
|
name: cloudflare-api-token
|
|
key: api-token
|
|
|
|
- name: Create Certificate for Gitea
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: git-svc-pguia-com-tls
|
|
namespace: traefik
|
|
spec:
|
|
secretName: git-svc-pguia-com-tls
|
|
issuerRef:
|
|
name: letsencrypt-prod
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- git.svc.pguia.com
|
|
|
|
- name: Create Certificate for ArgoCD
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: argocd-svc-pguia-com-tls
|
|
namespace: traefik
|
|
spec:
|
|
secretName: argocd-svc-pguia-com-tls
|
|
issuerRef:
|
|
name: letsencrypt-prod
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- argocd.svc.pguia.com
|
|
|
|
- name: Create Certificate for Grafana
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: grafana-svc-pguia-com-tls
|
|
namespace: traefik
|
|
spec:
|
|
secretName: grafana-svc-pguia-com-tls
|
|
issuerRef:
|
|
name: letsencrypt-prod
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- grafana.svc.pguia.com
|
|
|
|
- name: Create Certificate for YTD
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: ytd-svc-pguia-com-tls
|
|
namespace: traefik
|
|
spec:
|
|
secretName: ytd-svc-pguia-com-tls
|
|
issuerRef:
|
|
name: letsencrypt-prod
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- ytd.svc.pguia.com
|