---
# Role: cert-manager
# Déploie cert-manager pour la gestion des certificats TLS

- name: Installer cert-manager
  kubernetes.core.helm:
    name: cert-manager
    chart_ref: "{{ helm_charts.cert_manager.chart }}"
    chart_version: "{{ helm_charts.cert_manager.version }}"
    release_namespace: cert-manager
    create_namespace: true
    values:
      installCRDs: true
      resources:
        requests:
          cpu: "100m"
          memory: "128Mi"
        limits:
          cpu: "500m"
          memory: "256Mi"

- name: Créer le ClusterIssuer Let's Encrypt
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt
      spec:
        acme:
          server: https://acme-v02.api.letsencrypt.org/directory
          email: "{{ acme_email }}"
          privateKeySecretRef:
            name: letsencrypt-key
          solvers:
            - http01:
                ingress:
                  class: traefik