From 6027bd04672b08648fb1a7c6bf790235cc1438a9 Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Mon, 12 Apr 2021 10:46:26 +0200
Subject: [PATCH] make ingress webhook reachable earlier by installing
 nginx-ingress earlier

closes #758
---
 ansible/roles/apps/tasks/core.yml  | 30 ++++++++++++++++++++++++++++++
 ansible/roles/apps/tasks/main.yml  |  3 ---
 ansible/roles/apps/tasks/nginx.yml | 18 ------------------
 3 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/ansible/roles/apps/tasks/core.yml b/ansible/roles/apps/tasks/core.yml
index 1530ee233..84dc81312 100644
--- a/ansible/roles/apps/tasks/core.yml
+++ b/ansible/roles/apps/tasks/core.yml
@@ -96,6 +96,36 @@
     resource_definition: "{{ lookup('file', 'local-path-provisioner_hr.yaml') | from_yaml }}"
   when: "'local-path-provisioner' in enabled_applications"
 
+- name: Create Kubernetes secret with nginx-ingress settings
+  tags:
+    - config
+    - flux
+    - nginx
+  vars:
+    flux_secret:
+      name: "ingress"
+      namespace: "oas"
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - nginx
+
+# We have to install nginx-ingress before other charts so that the ingress
+# validation webhook exists before it is used.
+# It will still be managed by flux afterwards.
+- name: Create ingress HelmResource
+  tags:
+    - config
+    - flux
+    - nginx
+  k8s:
+    state: present
+    resource_definition: "{{ lookup('file', 'ingress_hr.yaml') | from_yaml }}"
+  when: "'ingress' in enabled_applications"
+
 - name: Install flux
   tags:
     - flux
diff --git a/ansible/roles/apps/tasks/main.yml b/ansible/roles/apps/tasks/main.yml
index ebb3b774a..b1a6f9e32 100644
--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
@@ -9,9 +9,6 @@
 - name: Tasks pertaining to letsencrypt
   import_tasks: letsencrypt.yml
 
-- name: Tasks pertaining to nginx
-  import_tasks: nginx.yml
-
 - name: Tasks pertaining to prometheus and grafana
   import_tasks: prometheus-stack.yml
 
diff --git a/ansible/roles/apps/tasks/nginx.yml b/ansible/roles/apps/tasks/nginx.yml
index 9224d81d3..e69de29bb 100644
--- a/ansible/roles/apps/tasks/nginx.yml
+++ b/ansible/roles/apps/tasks/nginx.yml
@@ -1,18 +0,0 @@
----
-
-- name: Create Kubernetes secret with nginx-ingress settings
-  tags:
-    - config
-    - flux
-    - nginx
-  vars:
-    flux_secret:
-      name: "ingress"
-      namespace: "oas"
-  include_tasks:
-    file: flux_secret.yml
-    apply:
-      tags:
-        - config
-        - flux
-        - nginx
-- 
GitLab