From b16566e021a9b729fd28248207d633833f1f957b Mon Sep 17 00:00:00 2001
From: Felix Nehrke
Date: Thu, 16 Oct 2025 23:11:08 +0200
Subject: [PATCH] Move tasks to setup cert-manager into its own task-file This change is the first step to setup further tools, like a git-server or CI-servers with this role.
---
roles/k8s-setup/tasks/_cert-manager.yml | 43 +++++++++++++++++++++++++
roles/k8s-setup/tasks/main.yml | 34 +++----------------
2 files changed, 48 insertions(+), 29 deletions(-)
create mode 100644 roles/k8s-setup/tasks/_cert-manager.yml
diff --git a/roles/k8s-setup/tasks/_cert-manager.yml b/roles/k8s-setup/tasks/_cert-manager.yml
new file mode 100644
index 0000000..0080fae
--- /dev/null
+++ b/roles/k8s-setup/tasks/_cert-manager.yml
@@ -0,0 +1,43 @@
+- name: Deploy cert manager {{ cert_manager_version }}
+ kubernetes.core.helm:
+ name: cert-manager
+ chart_ref: "oci://quay.io/jetstack/charts/cert-manager"
+ chart_version: "{{ cert_manager_version }}"
+ release_namespace: "cert-manager"
+ create_namespace: True
+ release_state: "{{ cert_manager_state }}"
+ set_values:
+ - value: crds.enabled=true
+
+- name: Provide let's encrypt clusterissuers
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: cert-manager.io/v1
+ kind: ClusterIssuer
+ metadata:
+ name: "letsencrypt-{{ item.key }}"
+ spec:
+ acme:
+ email: "{{ item.value.email }}"
+ privateKeySecretRef:
+ name: "letsencrypt-{{ item.key }}"
+ server: "{{ item.value.server }}"
+ solvers:
+ - http01:
+ ingress:
+ class: "traefik"
+ loop: "{{ letsencrypt_clusterissuers | dict2items }}"
+
+- name: Ensure middleware to redirect http to https
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: traefik.io/v1alpha1
+ kind: Middleware
+ metadata:
+ name: redirect-https
+ namespace: default
+ spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
+
diff --git a/roles/k8s-setup/tasks/main.yml b/roles/k8s-setup/tasks/main.yml
index 500ffa0..84cac28 100644
--- a/roles/k8s-setup/tasks/main.yml
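Review bot: The ClusterIssuer task in `_cert-manager.yml` runs unconditionally straight after the Helm task, which does not wait for the release to become ready and whose `release_state` comes from `cert_manager_state`. On a first run the cert-manager webhook may not be serving yet, and with the state set to `absent` the `cert-manager.io/v1` CRD may not exist, so the apply can fail in both cases (inferred; the variable's values are not visible here). Consider adding `wait: true` to the helm task and `when: cert_manager_state == 'present'` to the ClusterIssuer task. `create_namespace: True` would also read better as `true`, the form the `permanent: true` line already uses.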
+++ b/roles/k8s-setup/tasks/main.yml
@@ -1,29 +1,5 @@
-- name: Deploy cert manager {{ cert_manager_version }}
- kubernetes.core.helm:
- name: cert-manager
- chart_ref: "oci://quay.io/jetstack/charts/cert-manager"
- chart_version: "{{ cert_manager_version }}"
- release_namespace: "cert-manager"
- create_namespace: True
- release_state: "{{ cert_manager_state }}"
- set_values:
- - value: crds.enabled=true
-
-- name: Provide let's encrypt clusterissuers
- kubernetes.core.k8s:
- definition:
- apiVersion: cert-manager.io/v1
- kind: ClusterIssuer
- metadata:
- name: "letsencrypt-{{ item.key }}"
- spec:
- acme:
- email: "{{ item.value.email }}"
- privateKeySecretRef:
- name: "letsencrypt-{{ item.key }}"
- server: "{{ item.value.server }}"
- solvers:
- - http01:
- ingress:
- class: "traefik"
- loop: "{{ letsencrypt_clusterissuers | dict2items }}"
+- name: Ensure cert-manager
+ tags:
+ - k8s
+ - cert-manager
+ import_tasks: _cert-manager.yml
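Review bot: The `cert-manager` tag set on `import_tasks` is inherited by every task in `_cert-manager.yml`, including the Traefik `redirect-https` Middleware, which is not among the lines removed here and so is new behaviour rather than a move. A run limited to `--tags cert-manager` will therefore also create a `traefik.io/v1alpha1` object in the `default` namespace; consider importing the Middleware from its own task file with its own tag, or at least mentioning it in the commit message. For consistency with `kubernetes.core.helm` and `kubernetes.core.k8s`, the action could be written with its fully qualified name, `ansible.builtin.import_tasks: _cert-manager.yml`.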