Merge pull request #33 from stackhpc/letsencrypt

Add cert manager Let's Encrypt issuer config

Author: mnasiadka

ansible/inventory/group_vars/all/gateway-api

@@ -30,7 +30,6 @@ zuul_operator_gateway_api_httproutes:
           namespace: projectcontour
       hostnames:
         - "zuul.compute.sms-lab.cloud"
-        - "zuultest.ddns.net"
       rules:
         - matches:
           - path:
@@ -40,3 +39,19 @@ zuul_operator_gateway_api_httproutes:
           - kind: Service
             name: zuul-web
             port: 9000
+
+zuul_operator_cert_manager_issuers:
+  - name: letsencrypt
+    spec:
+      acme:
+        email: [email protected]
+        server: https://acme-staging-v02.api.letsencrypt.org/directory
+        privateKeySecretRef:
+          name: issuer-account-key
+        solvers:
+        - http01:
+            gatewayHTTPRoute:
+              parentRefs:
+                - name: contour
+                  namespace: projectcontour
+                  kind: Gateway

ansible/run.yml

@@ -63,6 +63,20 @@
         kind: Namespace
         state: present
 
+    - name: Ensure Cert Manager issuers
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: ClusterIssuer
+          metadata:
+            name: "{{ item.name }}"
+            namespace: "{{ item.namespace | default('projectcontour') }}"
+          spec: "{{ item.spec }}"
+        state: present
+      loop: "{{ zuul_operator_cert_manager_issuers }}"
+      loop_control:
+        label: "{{ item.name }}"
+
     - name: Ensure Contour Provisioner CRDs
       kubernetes.core.k8s:
         src: "{{ zuul_operator_contour_provisioner_crd_url }}"