[ANSIBLE] Add cert-manager role 73/125673/1
authorBartek Grzybowski <b.grzybowski@partner.samsung.com>
Wed, 10 Nov 2021 10:53:15 +0000 (11:53 +0100)
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>
Wed, 10 Nov 2021 10:53:15 +0000 (11:53 +0100)
A role that provisions cert-manager (https://cert-manager.io/)
onto a Kubernetes cluster

Change-Id: Iced3be4fae7ed20be8f58662b03a8a97b454b470
Issue-ID: OOM-2871
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
ansible/group_vars/infrastructure.yml
ansible/roles/cert-manager/.yamllint [new file with mode: 0644]
ansible/roles/cert-manager/README.md [new file with mode: 0644]
ansible/roles/cert-manager/defaults/main.yml [new file with mode: 0644]
ansible/roles/cert-manager/molecule/default/converge.yml [new file with mode: 0644]
ansible/roles/cert-manager/molecule/default/molecule.yml [new file with mode: 0644]
ansible/roles/cert-manager/molecule/default/prepare.yml [new file with mode: 0644]
ansible/roles/cert-manager/tasks/main.yml [new file with mode: 0644]

index 17113b3..4323c5e 100755 (executable)
@@ -29,3 +29,4 @@ nginx_server_image: own_nginx:2.0.0
 chartmuseum_server_image: chartmuseum/chartmuseum
 kube_prometheus_stack_enabled: false
 kube_prometheus_stack_version: 18.0.4
+cert_manager_version: 1.5.4
diff --git a/ansible/roles/cert-manager/.yamllint b/ansible/roles/cert-manager/.yamllint
new file mode 100644 (file)
index 0000000..c5ae64b
--- /dev/null
@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable
diff --git a/ansible/roles/cert-manager/README.md b/ansible/roles/cert-manager/README.md
new file mode 100644 (file)
index 0000000..8327d62
--- /dev/null
@@ -0,0 +1,24 @@
+Cert-manager provisioning role
+==============================
+
+Deploys cert-manager (https://cert-manager.io/) onto Kubernetes cluster into its own, separate namespace.
+
+Requirements
+------------
+
+cert-manager tgz package is expected to exists in ``app_data_path/downloads`` directory prior to running this role.
+
+Role Variables
+--------------
+
+- cert\_manager\_version (group\_vars) - version string of cert-manager to deploy (a.b.c)
+- cert\_manager.k8s\_namespace (role's defaults) - namespace name to install cert-manager into
+- cert\_manager.helm\_release\_name (role's defaults) - Helm release name for the chart
+- cert\_manager.helm\_timeout (role's defaults) - helm install timeout
+- cert\_manager.helm\_values\_file (role's defaults) - dst path for the yaml file containing cert-manager helm values
+- cert\_manager.helm\_values (role's defaults) - dict of helm values for the cert-manager chart
+
+Dependencies
+------------
+
+Ansible's community.kubernetes.helm module is required to play this role.
diff --git a/ansible/roles/cert-manager/defaults/main.yml b/ansible/roles/cert-manager/defaults/main.yml
new file mode 100644 (file)
index 0000000..f87c907
--- /dev/null
@@ -0,0 +1,8 @@
+---
+cert_manager:
+  k8s_namespace: cert-manager
+  helm_release_name: cert-manager
+  helm_timeout: "240s"
+  helm_values_file: "{{ app_data_path }}/cert_manager.yaml"
+  helm_values:
+    installCRDs: true
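Review bot: Grouping every default under the single `cert_manager` mapping makes partial overrides unsafe. Under Ansible's default `hash_behaviour = replace`, an inventory that sets only `cert_manager.helm_timeout` (or only one key of `helm_values`) replaces the whole dict, leaving `k8s_namespace`, `helm_values_file` and `installCRDs` undefined. Flat defaults such as `cert_manager_k8s_namespace: cert-manager` and `cert_manager_helm_timeout: "240s"` can be overridden one at a time. If the dict is kept, add a comment above it such as `# Overriding any key requires redefining the whole cert_manager dict`.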
diff --git a/ansible/roles/cert-manager/molecule/default/converge.yml b/ansible/roles/cert-manager/molecule/default/converge.yml
new file mode 100644 (file)
index 0000000..3af18a7
--- /dev/null
@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: Include infrastructure group variables
+      include_vars: ../../../../group_vars/infrastructure.yml
+  tasks:
+    - name: "Include cert-manager"
+      include_role:
+        name: "cert-manager"
diff --git a/ansible/roles/cert-manager/molecule/default/molecule.yml b/ansible/roles/cert-manager/molecule/default/molecule.yml
new file mode 100644 (file)
index 0000000..b7074f4
--- /dev/null
@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .
+  flake8
+platforms:
+  - name: infrastructure-cert-manager
+    image: centos:7
+    groups:
+      - infrastructure
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ../../../../test/roles
+    ANSIBLE_LIBRARY: ../../../../library
+  inventory:
+    group_vars:
+      all:
+        app_name: onap
+        app_data_path: "/opt/{{ app_name }}"
+verifier:
+  name: testinfra
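Review bot: `image: centos:7` under `platforms` references a mutable tag, so the container this role is tested in can change with no change to the repository. Pinning by digest, for example `image: centos@sha256:<digest-placeholder>`, keeps the Molecule run reproducible and keeps an unexpected upstream image out of the test path. Whether other roles in this repository already follow a pinning convention is not visible from this change.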
diff --git a/ansible/roles/cert-manager/molecule/default/prepare.yml b/ansible/roles/cert-manager/molecule/default/prepare.yml
new file mode 100644 (file)
index 0000000..8a90616
--- /dev/null
@@ -0,0 +1,10 @@
+---
+- name: Prepare infra container to play cert-manager role
+  hosts: all
+  pre_tasks:
+    - name: Include infrastructure group variables
+      include_vars: ../../../../group_vars/infrastructure.yml
+  tasks:
+    - name: "Include prepare-cert-manager role"
+      include_role:
+        name: "prepare-cert-manager"
diff --git a/ansible/roles/cert-manager/tasks/main.yml b/ansible/roles/cert-manager/tasks/main.yml
new file mode 100644 (file)
index 0000000..5b73ded
--- /dev/null
@@ -0,0 +1,22 @@
+---
+- name: Check {{ cert_manager.helm_release_name }} helm package exists
+  stat:
+    path: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+  register: cert_manager_package_stat
+  failed_when: not cert_manager_package_stat.stat.exists
+
+- name: Generate helm values file
+  copy:
+    dest: "{{ cert_manager.helm_values_file }}"
+    content: "{{ cert_manager.helm_values | to_nice_yaml }}"
+
+- name: "Install Helm release {{ cert_manager.helm_release_name }}"
+  community.kubernetes.helm:
+    release_name: "{{ cert_manager.helm_release_name }}"
+    release_namespace: "{{ cert_manager.k8s_namespace }}"
+    create_namespace: True
+    chart_ref: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+    values_files: "{{ cert_manager.helm_values_file }}"
+    wait: True
+    wait_timeout: "{{ cert_manager.helm_timeout }}"
+  tags: molecule-notest
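Review bot: The first task only asserts that `cert-manager-v{{ cert_manager_version }}.tgz` exists; nothing verifies its content before the helm task installs it with `create_namespace: True`, so a truncated or substituted archive in `downloads/` is deployed as-is. The `stat` task could set `checksum_algorithm: sha256` and use `failed_when: not cert_manager_package_stat.stat.exists or cert_manager_package_stat.stat.checksum != cert_manager_package_sha256`. Here `cert_manager_package_sha256` is a new variable, not part of this change, that would sit next to `cert_manager_version`. Separately, the `copy` task sets no `mode`, so the values file gets whatever the remote umask yields; an explicit `mode: "0600"` is the safer default once `helm_values` carries anything sensitive.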