chore: move cert-manager to offline install
diff --git a/roles/cert_manager/README.md b/roles/cert_manager/README.md
new file mode 100644
index 0000000..ba0a58b
--- /dev/null
+++ b/roles/cert_manager/README.md
@@ -0,0 +1,4 @@
+# cert-manager
+
+ This is a role which will deploy `cert-manager` using Helm against a Kubernetes
+ cluster.
diff --git a/roles/cert_manager/defaults/main.yml b/roles/cert_manager/defaults/main.yml
new file mode 100644
index 0000000..179c783
--- /dev/null
+++ b/roles/cert_manager/defaults/main.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+cert_manager_helm_release_name: cert-manager
+cert_manager_helm_chart_path: "{{ role_path }}/../../charts/cert-manager/"
+cert_manager_helm_chart_ref: /usr/local/src/cert-manager
+
+cert_manager_helm_release_namespace: cert-manager
+cert_manager_helm_values: {}
diff --git a/roles/cert_manager/meta/main.yml b/roles/cert_manager/meta/main.yml
new file mode 100644
index 0000000..9221371
--- /dev/null
+++ b/roles/cert_manager/meta/main.yml
@@ -0,0 +1,31 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for Cert Manager
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ standalone: false
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
+dependencies:
+ - role: defaults
+ - role: upload_helm_chart
+ vars:
+ upload_helm_chart_src: "{{ cert_manager_helm_chart_path }}"
+ upload_helm_chart_dest: "{{ cert_manager_helm_chart_ref }}"
diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml
new file mode 100644
index 0000000..f20b1c6
--- /dev/null
+++ b/roles/cert_manager/tasks/main.yml
@@ -0,0 +1,48 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# NOTE(mnaser): We should get rid of this task eventually as it is suspending
+# the old HelmRelease and removing it to avoid uninstalling the
+# Helm chart.
+- name: Uninstall the legacy HelmRelease
+ run_once: true
+ block:
+ - name: Suspend the existing HelmRelease
+ kubernetes.core.k8s:
+ state: patched
+ api_version: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: "{{ cert_manager_helm_release_name }}"
+ namespace: "{{ cert_manager_helm_release_namespace }}"
+ definition:
+ spec:
+ suspend: true
+
+ - name: Remove the existing HelmRelease
+ kubernetes.core.k8s:
+ state: absent
+ api_version: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: "{{ cert_manager_helm_release_name }}"
+ namespace: "{{ cert_manager_helm_release_namespace }}"
+
+- name: Deploy Helm chart
+ run_once: true
+ kubernetes.core.helm:
+ name: "{{ cert_manager_helm_release_name }}"
+ chart_ref: "{{ cert_manager_helm_chart_ref }}"
+ release_namespace: "{{ cert_manager_helm_release_namespace }}"
+ create_namespace: true
+ kubeconfig: /etc/kubernetes/admin.conf
+ values: "{{ _cert_manager_helm_values | combine(cert_manager_helm_values, recursive=True) }}"
diff --git a/roles/cert_manager/vars/main.yml b/roles/cert_manager/vars/main.yml
new file mode 100644
index 0000000..5c31124
--- /dev/null
+++ b/roles/cert_manager/vars/main.yml
@@ -0,0 +1,50 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+_cert_manager_helm_values:
+ installCRDs: true
+ featureGates: AdditionalCertificateOutputFormats=true
+ image:
+ repository: "{{ atmosphere_images['cert_manager_controller'] | vexxhost.atmosphere.docker_image('name') }}"
+ tag: "{{ atmosphere_images['cert_manager_controller'] | vexxhost.atmosphere.docker_image('tag') }}"
+ volumes:
+ - name: etc-ssl-certs
+ hostPath:
+ path: /etc/ssl/certs
+ volumeMounts:
+ - name: etc-ssl-certs
+ mountPath: /etc/ssl/certs
+ readOnly: true
+ nodeSelector:
+ openstack-control-plane: enabled
+ webhook:
+ extraArgs:
+ - --feature-gates=AdditionalCertificateOutputFormats=true
+ nodeSelector:
+ openstack-control-plane: enabled
+ image:
+ repository: "{{ atmosphere_images['cert_manager_webhook'] | vexxhost.atmosphere.docker_image('name') }}"
+ tag: "{{ atmosphere_images['cert_manager_webhook'] | vexxhost.atmosphere.docker_image('tag') }}"
+ cainjector:
+ nodeSelector:
+ openstack-control-plane: enabled
+ image:
+ repository: "{{ atmosphere_images['cert_manager_cainjector'] | vexxhost.atmosphere.docker_image('name') }}"
+ tag: "{{ atmosphere_images['cert_manager_cainjector'] | vexxhost.atmosphere.docker_image('tag') }}"
+ startupapicheck:
+ nodeSelector:
+ openstack-control-plane: enabled
+ image:
+ repository: "{{ atmosphere_images['cert_manager_cli'] | vexxhost.atmosphere.docker_image('name') }}"
+ tag: "{{ atmosphere_images['cert_manager_cli'] | vexxhost.atmosphere.docker_image('tag') }}"