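---
# Installs cert-manager from an upstream manifest, creates the Netcup DNS
# webhook secret, the Let's Encrypt ClusterIssuer and Certificate, and installs
# the Netcup webhook chart into the cert-manager namespace.
#
# NOTE(review): the secret, Helm repository and webhook install tasks carry no
# tags, so a run limited with `--tags cert_manager` skips them. Confirm that is
# intended.

- name: Ensure cert-manager namespace exists
  kubernetes.core.k8s:
    name: cert-manager
    api_version: v1
    kind: Namespace
    state: present
  tags:
    - cert_manager
    - namespace

- name: Create netcup-secret
  kubernetes.core.k8s:
    namespace: cert-manager
    definition: "{{ lookup('ansible.builtin.template', 'netcup.yml.j2') | from_yaml }}"
  # The rendered definition presumably carries the Netcup API credentials
  # (inferred from the task name; the template is not shown here). Without
  # no_log the module arguments and result can land in verbose output, callback
  # logs and failure messages.
  no_log: true

- name: Add a repository
  kubernetes.core.helm_repository:
    name: cert-manager-webhook-netcup
    repo_url: https://aellwein.github.io/cert-manager-webhook-netcup/charts/

- name: Download cert-manager manifest
  ansible.builtin.get_url:
    url: "{{ cert_manager_manifest }}"
    # NOTE(review): a fixed file name in world-writable /tmp can be pre-created
    # by another local user. Prefer a directory only the Ansible user can write
    # to, or a path from ansible.builtin.tempfile.
    dest: "/tmp/cert-manager.yaml"
    mode: "0644"
    validate_certs: true
    # With the default force: false, get_url skips the download whenever dest
    # already exists, so a stale or planted /tmp/cert-manager.yaml would be
    # applied to the cluster unchanged. Always fetch and replace on difference.
    force: true
    # NOTE(review): TLS validation authenticates the host only. Pin the release
    # with the module's `checksum` parameter so a changed upstream artifact
    # fails the play instead of being applied.
  tags:
    - cert_manager
    - download

- name: Apply cert-manager core manifests
  kubernetes.core.k8s:
    src: "/tmp/cert-manager.yaml"
    state: present
  tags:
    - cert_manager
    - apply_manifest

- name: Wait for cert-manager deployments to be ready
  kubernetes.core.k8s_info:
    api_version: apps/v1
    kind: Deployment
    namespace: cert-manager
    name: "{{ item }}"
    wait: true
    # Seconds to wait per deployment before the task fails.
    wait_timeout: 300
  loop:
    - cert-manager
    - cert-manager-cainjector
    - cert-manager-webhook
  tags:
    - cert_manager
    - wait_ready

- name: Create Let's Encrypt ClusterIssuer
  kubernetes.core.k8s:
    state: present
    definition: "{{ lookup('ansible.builtin.template', 'clusterissuer.yml.j2') | from_yaml }}"
  tags:
    - cert_manager
    - cluster_issuer

- name: Create Let's Encrypt Certificate
  kubernetes.core.k8s:
    state: present
    definition: "{{ lookup('ansible.builtin.template', 'certificate.yml.j2') | from_yaml }}"
  tags:
    - cert_manager
    - certificate

- name: Install NetCup Webhook
  kubernetes.core.helm:
    name: my-cert-manager-webhook-netcup
    chart_ref: cert-manager-webhook-netcup/cert-manager-webhook-netcup
    release_namespace: cert-manager
    create_namespace: true
    # NOTE(review): no chart_version is set, so the chart version is whatever
    # the third-party repository resolves to at install time. This webhook
    # runs in the cert-manager namespace alongside the DNS credentials, so pin
    # a reviewed version.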