betelgeusebytes/ansible/roles/cert_manager/tasks/main.yml

- name: Install cert-manager
  shell: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

- name: Wait for cert-manager pods to be ready
  shell: kubectl wait --for=condition=ready --timeout=300s pod -l app.kubernetes.io/instance=cert-manager -n cert-manager

- name: Wait for webhook endpoint to be ready
  shell: |
    for i in {1..30}; do
      if kubectl get endpoints cert-manager-webhook -n cert-manager -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q .; then
        echo "Webhook endpoint is ready"
        exit 0
      fi
      echo "Waiting for webhook endpoint... attempt $i/30"
      sleep 2
    done
    exit 1    

- name: Test webhook connectivity
  shell: kubectl run test-webhook --image=curlimages/curl:latest --rm -i --restart=Never -- curl -k https://cert-manager-webhook.cert-manager.svc:443/healthz
  register: webhook_test
  ignore_errors: yes

- name: Display webhook test result
  debug:
    var: webhook_test

- name: ClusterIssuer
  copy:
    dest: /root/cluster-issuer-prod.yaml
    content: |
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-prod
      spec:
        acme:      
- name: ClusterIssuer
  copy:
    dest: /root/cluster-issuer-prod.yaml
    content: |
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-prod
      spec:
        acme:
          email: admin@betelgeusebytes.io
          server: https://acme-v02.api.letsencrypt.org/directory
          privateKeySecretRef:
            name: letsencrypt-prod-key
          solvers:
          - http01:
              ingress:
                class: nginx      

- name: Temporarily disable cert-manager webhook
  shell: |
    kubectl delete validatingwebhookconfiguration cert-manager-webhook || true    
  ignore_errors: yes

- name: Apply ClusterIssuer
  command: kubectl apply -f /root/cluster-issuer-prod.yaml

- name: Reinstall cert-manager to restore webhook
  shell: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml