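# Ansible tasks: install cert-manager and bootstrap a Let's Encrypt
# ClusterIssuer. Every task shells out to kubectl on the target host, so the
# Ansible user needs a kubeconfig with cluster-admin-level rights there.

- name: Install cert-manager
  # Pinned upstream release; bump deliberately and re-review the manifest
  # diff when upgrading.
  command: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

- name: Wait for cert-manager pods to be ready
  command: >-
    kubectl wait --for=condition=ready --timeout=300s
    pod -l app.kubernetes.io/instance=cert-manager -n cert-manager
  # Read-only check; never report it as a change.
  changed_when: false

- name: Wait for webhook endpoint to be ready
  # Ready pods are not enough: the webhook Service needs at least one endpoint
  # address before admission requests can be served. The loop uses seq rather
  # than bash brace expansion so it also iterates when the remote login shell
  # is /bin/sh (with `{1..30}` under sh the loop body ran exactly once).
  shell: |
    for i in $(seq 1 30); do
      if kubectl get endpoints cert-manager-webhook -n cert-manager -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q .; then
        echo "Webhook endpoint is ready"
        exit 0
      fi
      echo "Waiting for webhook endpoint... attempt $i/30"
      sleep 2
    done
    exit 1
  changed_when: false

- name: Test webhook connectivity
  # Connectivity probe only: `-k` skips TLS verification of the webhook's
  # serving certificate, so a success here proves reachability, not identity.
  command: >-
    kubectl run test-webhook --image=curlimages/curl:latest --rm -i --restart=Never
    -- curl -k https://cert-manager-webhook.cert-manager.svc:443/healthz
  register: webhook_test
  # Diagnostic only; a failure must not abort the play.
  ignore_errors: true
  changed_when: false

- name: Display webhook test result
  debug:
    var: webhook_test

- name: ClusterIssuer
  # Single copy of the manifest (the earlier truncated duplicate, whose
  # `acme:` was empty, was overwritten by this one and has been removed).
  copy:
    dest: /root/cluster-issuer-prod.yaml
    content: |
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-prod
      spec:
        acme:
          email: admin@betelgeusebytes.io
          server: https://acme-v02.api.letsencrypt.org/directory
          privateKeySecretRef:
            name: letsencrypt-prod-key
          solvers:
            - http01:
                ingress:
                  class: nginx

- name: Apply ClusterIssuer
  # Happy path: the webhook was waited for above, so the ClusterIssuer goes
  # through cert-manager's admission validation like any other resource.
  block:
    - name: Apply ClusterIssuer
      command: kubectl apply -f /root/cluster-issuer-prod.yaml
  rescue:
    # Fallback, taken only when the apply above fails (typically the webhook
    # still not reachable). Deleting the ValidatingWebhookConfiguration turns
    # off cert-manager's admission validation cluster-wide until the manifest
    # is re-applied, so keep the window to these three tasks and restore it
    # immediately afterwards.
    - name: Temporarily disable cert-manager webhook
      command: kubectl delete validatingwebhookconfiguration cert-manager-webhook
      # Already absent is fine.
      ignore_errors: true

    - name: Apply ClusterIssuer without webhook validation
      command: kubectl apply -f /root/cluster-issuer-prod.yaml

    - name: Reinstall cert-manager to restore webhook
      # Re-applying the release manifest recreates the webhook configuration.
      command: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml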