From aef8dafbb3706701fcd4774aa0d6343c9d87ca86 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka
Date: Thu, 26 Jun 2025 09:24:45 +0000
Subject: [PATCH] Add cert manager Let's Encrypt issuer config
---
 ansible/inventory/group_vars/all/gateway-api | 17 ++++++++++++++++-
 ansible/run.yml | 14 ++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/ansible/inventory/group_vars/all/gateway-api b/ansible/inventory/group_vars/all/gateway-api
index 8db19b5..40ca70a 100644
--- a/ansible/inventory/group_vars/all/gateway-api
+++ b/ansible/inventory/group_vars/all/gateway-api
@@ -30,7 +30,6 @@ zuul_operator_gateway_api_httproutes:
 namespace: projectcontour
 hostnames:
 - "zuul.compute.sms-lab.cloud"
- - "zuultest.ddns.net"
 rules:
 - matches:
 - path:
@@ -40,3 +39,19 @@ zuul_operator_gateway_api_httproutes:
 - kind: Service
 name: zuul-web
 port: 9000
+
+zuul_operator_cert_manager_issuers:
+ - name: letsencrypt
+ spec:
+ acme:
+ email: michal@stackhpc.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: issuer-account-key
+ solvers:
+ - http01:
+ gatewayHTTPRoute:
+ parentRefs:
+ - name: contour
+ namespace: projectcontour
+ kind: Gateway
diff --git a/ansible/run.yml b/ansible/run.yml
index 62855dc..106ff5b 100644
--- a/ansible/run.yml
+++ b/ansible/run.yml
@@ -63,6 +63,20 @@
 kind: Namespace
 state: present
+ - name: Ensure Cert Manager issuers
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: ClusterIssuer
+ metadata:
+ name: "{{ item.name }}"
+ namespace: "{{ item.namespace | default('projectcontour') }}"
+ spec: "{{ item.spec }}"
+ state: present
+ loop: "{{ zuul_operator_cert_manager_issuers }}"
+ loop_control:
+ label: "{{ item.name }}"
+
 - name: Ensure Contour Provisioner CRDs
 kubernetes.core.k8s:
 src: "{{ zuul_operator_contour_provisioner_crd_url }}"
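Review bot: The `server:` value in the new `letsencrypt` issuer is the Let's Encrypt staging directory, whose certificates chain to a root that clients do not trust, so a gateway serving them will fail TLS verification or push users towards disabling it. If staging is deliberate while the HTTP-01 flow is being proven, name the issuer for what it is (`name: letsencrypt-staging`) and add a comment such as `# staging endpoint, untrusted certs; production is https://acme-v02.api.letsencrypt.org/directory`. The contact `email:` is a personal address kept in `group_vars/all`; a shared role mailbox would stop expiry and account notices depending on one person.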
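Review bot: `apiVersion: v1` in the new "Ensure Cert Manager issuers" task does not match `kind: ClusterIssuer`; cert-manager serves that kind under its own API group, so the definition should read `apiVersion: cert-manager.io/v1`. ClusterIssuer is also cluster-scoped, so the `namespace:` line under `metadata` has no effect: either drop it, or switch to `kind: Issuer` if a namespaced issuer in `projectcontour` is what is intended, since that choice also decides where the ACME account key secret is stored. The task runs ahead of "Ensure Contour Provisioner CRDs" and nothing in the hunk shows cert-manager's own CRDs being installed first, so the ordering is worth confirming in the rest of the play, which continues outside the hunk.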