Commit 6d3bbc41 authored by Varac's avatar Varac

Merge branch '116-replace-traefik-by-nginx-and-cert-manager' into 'master'

Resolve "Replace traefik by nginx and cert-manager"

Closes #116

See merge request openappstack/bootstrap!55
parents ecfa3c08 9d0f5c0e
......@@ -6,6 +6,7 @@
tags:
- ssh
command: cut -d" " -f 1-2 /etc/ssh/ssh_host_rsa_key.pub
changed_when: false
register: master_rsa_pub_hostkey
- name: Create /oas/config/ssh_known_hosts
......@@ -107,6 +108,46 @@
command: /snap/bin/kubectl rollout status -n kube-system deployment/tiller-deploy
changed_when: false
- name: Install CRDs for cert-manager
tags:
- cert-manager
command: /snap/bin/kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
- name: Prevent validation deadlock for cert-manager
tags:
- cert-manager
command: /snap/bin/kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
register: cert_manager_label_namespace
failed_when:
# If the namespace doesn't yet exist, that's OK, we don't need to do anything in that case.
- "'NotFound' not in cert_manager_label_namespace.stderr"
- "cert_manager_label_namespace.rc != 0"
- name: Install LetsEncrypt {{ item.name }} ClusterIssuer
tags:
- cert-manager
k8s:
state: present
definition:
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-{{ item.name }}
spec:
acme:
email: "{{ admin_email }}"
server: "{{ item.server }}"
privateKeySecretRef:
# Secret resource used to store the account's private key.
name: letsencrypt-{{ item.name }}-account-key
# Enable the HTTP01 challenge mechanism for this Issuer
http01: {}
with_items:
- name: staging
server: "https://acme-staging-v02.api.letsencrypt.org/directory"
- name: production
server: "https://acme-v02.api.letsencrypt.org/directory"
- name: Clone helmfiles repo
tags:
- git
......@@ -115,6 +156,7 @@
git:
repo: 'https://code.greenhost.net/openappstack/helmfiles'
dest: '/oas/source/repos/helmfiles'
version: "master"
- name: Clone charts repo
tags:
......@@ -161,7 +203,7 @@
path: "{{ item }}"
mode: '0600'
with_items:
- /oas/config/values/apps/traefik.yaml
- /oas/config/values/apps/nginx.yaml
- name: Apply helmfiles
tags:
......
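Review bot: The `Install CRDs for cert-manager` task in the second hunk runs `kubectl apply -f` on a URL fetched at provisioning time. The `release-0.7` path segment looks like a branch rather than a fixed tag or commit, so whatever that ref serves on the day is applied to the cluster with kubectl's privileges and no integrity check. I would download the manifest with `get_url` and a `checksum:` against a pinned ref, then apply the local copy, as sketched below. The same moving-ref concern applies to `version: "master"` on `Clone helmfiles repo` in the third hunk, whose contents are presumably what the later `Apply helmfiles` task deploys; a tag or commit hash there would make runs reproducible and reviewable. Separately, neither new `command:` task sets `changed_when`, so both report changed on every run.

```yaml
# Placeholders: choose the reviewed tag/commit, its SHA-256, and a local path.
- name: Download CRDs for cert-manager
  tags:
    - cert-manager
  get_url:
    url: "https://raw.githubusercontent.com/jetstack/cert-manager/<PINNED_TAG_OR_COMMIT>/deploy/manifests/00-crds.yaml"
    dest: "<LOCAL_CRDS_PATH>"
    checksum: "sha256:<SHA256_OF_REVIEWED_MANIFEST>"

- name: Install CRDs for cert-manager
  tags:
    - cert-manager
  command: /snap/bin/kubectl apply -f <LOCAL_CRDS_PATH>
  register: cert_manager_crds
  changed_when: "'created' in cert_manager_crds.stdout or 'configured' in cert_manager_crds.stdout"
# … unchanged: namespace label task, ClusterIssuer task …
```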