
Ansible Role: Generate cert-manager Certificate for Kubernetes

Ansible role to generate a certificate for cert-manager on Kubernetes.

Role Variables

# Certificate name
kubernetes_cert_manager_cert_name:
# Namespace
kubernetes_cert_manager_cert_namespace: "default"

# cert-manager issuer to use
kubernetes_cert_manager_cert_issuer_ref:
# name: issuer_ref name to use
# kind: Issuer/ClusterIssuer

# Certificate common name
kubernetes_cert_manager_cert_common_name:
# Certificate DNS names (Subject Alternative Names)
kubernetes_cert_manager_cert_dns_names: []

# Secret name where the TLS cert will be stored
kubernetes_cert_manager_cert_secret_name:

# List of ACME configs, dumped as-is into the manifest under
# `spec/acme/config` (see the example playbook for more details)
kubernetes_cert_manager_cert_acme_configs: []

Dependencies

kubectl must be installed on the host targeted by the role.

Example Playbook

- hosts: kube-master
  run_once: true
  vars:
    kubernetes_cert_manager_cert_issuer_ref:
      name: "letsencrypt-issuer"
      kind: "ClusterIssuer"

    kubernetes_cert_manager_cert_name: "example-com"
    kubernetes_cert_manager_cert_secret_name: example-tls
    kubernetes_cert_manager_cert_common_name: "example.com"
    kubernetes_cert_manager_cert_dns_names:
      - "www.example.com"
    kubernetes_cert_manager_cert_acme_configs:
      - http01:
          ingress: "example-ingress"
        domains:
          - example.com
          - www.example.com

  roles:
    - role: Anthony25.kubernetes-cert-manager-cert

Use run_once to run the role on only one available master in the cluster.

If the ingress is pushed by Ansible, its variables can be re-used. An example with my kubernetes-nextcloud role:

- hosts: kube-master
  run_once: true
  vars:
    kubernetes_nextcloud_ingress:
      name: "nextcloud-ingress"
      host: "nextcloud.example.com"
      annotations:
      tls:
        - secretName: "nextcloud-ingress-tls"
          hosts:
            - "nextcloud.example.com"

    kubernetes_cert_manager_cert_name: "nextcloud-example-com"
    kubernetes_cert_manager_cert_secret_name: |
      {{ kubernetes_nextcloud_ingress.tls[0].secretName }}
    kubernetes_cert_manager_cert_common_name: |
      {{ kubernetes_nextcloud_ingress.host }}
    kubernetes_cert_manager_cert_dns_names: |
      {{ kubernetes_nextcloud_ingress.tls[0].hosts }}
    kubernetes_cert_manager_cert_acme_configs:
      - http01:
          ingress: "{{ kubernetes_nextcloud_ingress.name }}"
        domains: "{{ kubernetes_nextcloud_ingress.tls[0].hosts }}"

  roles:
    - role: Anthony25.kubernetes-nextcloud
    - role: Anthony25.kubernetes-cert-manager-cert
      tags:
        - certs
  tags:
    - nextcloud
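
A pre-flight consistency check for the role variables, as an added example that is not part of the role: it reports certificate names that no `domains` entry in `kubernetes_cert_manager_cert_acme_configs` covers, wildcard names assigned to `http01` (HTTP-01 cannot validate wildcards), and config domains that are not on the certificate. The function name, the `dns01` solver key and the failing sample are assumptions; the passing sample is the first example playbook above.

```python
# Added example, not the role's own code. Assumes each spec/acme/config
# entry has `domains` plus exactly one solver key (http01 or dns01).
PREFIX = "kubernetes_cert_manager_cert_"


def check_acme_coverage(role_vars):
    """Return sorted (name, problem) pairs; an empty list means consistent."""
    names = set(role_vars.get(PREFIX + "dns_names") or [])
    common_name = role_vars.get(PREFIX + "common_name")
    if common_name:
        names.add(common_name)
    solver_for = {}  # domain -> solver key of the first config listing it
    problems = set()
    for cfg in role_vars.get(PREFIX + "acme_configs") or []:
        solvers = [k for k in ("http01", "dns01") if k in cfg]
        if len(solvers) != 1:
            problems.add((str(cfg.get("domains")), "need exactly one solver"))
            continue
        for domain in cfg.get("domains") or []:
            solver_for.setdefault(domain, solvers[0])
    for name in names:
        if name not in solver_for:
            problems.add((name, "no ACME config covers this name"))
        elif name.startswith("*.") and solver_for[name] == "http01":
            # HTTP-01 cannot validate wildcard names; DNS-01 is required.
            problems.add((name, "wildcard needs dns01"))
    for domain in solver_for:
        if domain not in names:
            problems.add((domain, "config domain not on the certificate"))
    return sorted(problems)


# Variables from the first example playbook on this page.
PAGE_EXAMPLE = {
    PREFIX + "common_name": "example.com",
    PREFIX + "dns_names": ["www.example.com"],
    PREFIX + "acme_configs": [
        {"http01": {"ingress": "example-ingress"},
         "domains": ["example.com", "www.example.com"]},
    ],
}
# Constructed input: one uncovered name, one wildcard on http01, one stray.
BROKEN = {
    PREFIX + "common_name": "example.com",
    PREFIX + "dns_names": ["www.example.com", "*.example.com"],
    PREFIX + "acme_configs": [
        {"http01": {"ingress": "example-ingress"},
         "domains": ["example.com", "*.example.com", "old.example.com"]},
    ],
}
```

Running the function on the loaded play variables before the role executes surfaces these mismatches without waiting for an ACME order to fail.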

License

This tool is released under the BSD license. Do not hesitate to report bugs, ask questions, or open a pull request!
