Move tasks to setup cert-manager into its own task-file

This change is the first step to setup further tools, like a git-server or CI-servers with this role.
2025-10-16 23:11:08 +02:00
parent 9d32790c99
commit b16566e021
2 changed files with 48 additions and 29 deletions
--- a/roles/k8s-setup/tasks/_cert-manager.yml
+++ b/roles/k8s-setup/tasks/_cert-manager.yml
@@ -0,0 +1,43 @@
+- name: Deploy cert manager {{ cert_manager_version }}
+  kubernetes.core.helm:
+    name: cert-manager
+    chart_ref: "oci://quay.io/jetstack/charts/cert-manager"
+    chart_version: "{{ cert_manager_version }}"
+    release_namespace: "cert-manager"
+    create_namespace: True
+    release_state: "{{ cert_manager_state }}"
+    set_values:
+    - value: crds.enabled=true
+
+- name: Provide let's encrypt clusterissuers
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: cert-manager.io/v1
+      kind: ClusterIssuer
+      metadata:
+        name: "letsencrypt-{{ item.key }}"
+      spec:
+        acme:
+          email: "{{ item.value.email }}"
+          privateKeySecretRef:
+            name: "letsencrypt-{{ item.key }}"
+          server: "{{ item.value.server }}"
+          solvers:
+          - http01:
+              ingress:
+                class: "traefik"
+  loop: "{{ letsencrypt_clusterissuers | dict2items }}"
+
+- name: Ensure middleware to redirect http to https
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: traefik.io/v1alpha1
+      kind: Middleware
+      metadata:
+        name: redirect-https
+        namespace: default
+      spec:
+        redirectScheme:
+          scheme: https
+          permanent: true
+
--- a/roles/k8s-setup/tasks/main.yml
+++ b/roles/k8s-setup/tasks/main.yml
@@ -1,29 +1,5 @@
- name: Deploy cert manager {{ cert_manager_version }}
-  kubernetes.core.helm:
-    name: cert-manager
-    chart_ref: "oci://quay.io/jetstack/charts/cert-manager"
-    chart_version: "{{ cert_manager_version }}"
-    release_namespace: "cert-manager"
-    create_namespace: True
-    release_state: "{{ cert_manager_state }}"
-    set_values:
-    - value: crds.enabled=true
-
- name: Provide let's encrypt clusterissuers
-  kubernetes.core.k8s:
-    definition:
-      apiVersion: cert-manager.io/v1
-      kind: ClusterIssuer
-      metadata:
-        name: "letsencrypt-{{ item.key }}"
-      spec:
-        acme:
-          email: "{{ item.value.email }}"
-          privateKeySecretRef:
-            name: "letsencrypt-{{ item.key }}"
-          server: "{{ item.value.server }}"
-          solvers:
-          - http01:
-              ingress:
-                class: "traefik"
-  loop: "{{ letsencrypt_clusterissuers | dict2items }}"
+- name: Ensure cert-manager
+  tags:
+  - k8s
+  - cert-manager
+  import_tasks: _cert-manager.yml