authorBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-11-10 11:53:15 +0100
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-11-23 10:37:13 +0100
commit47d16ce3978e04b6fdcb18074a400e5f51ff18b4 (patch)
tree32e7df61efd99b7f51ca46faeb10bba9cd4107a6
parent250df93603c047deb717e5c45c37047fc8a3e302 (diff)
[ANSIBLE] Add cert-manager role
A role that provisions cert-manager (https://cert-manager.io/) onto a Kubernetes cluster. Change-Id: Iced3be4fae7ed20be8f58662b03a8a97b454b470 Issue-ID: OOM-2871 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
-rwxr-xr-xansible/group_vars/infrastructure.yml1
-rw-r--r--ansible/roles/cert-manager/.yamllint12
-rw-r--r--ansible/roles/cert-manager/README.md24
-rw-r--r--ansible/roles/cert-manager/defaults/main.yml8
-rw-r--r--ansible/roles/cert-manager/molecule/default/converge.yml10
-rw-r--r--ansible/roles/cert-manager/molecule/default/molecule.yml27
-rw-r--r--ansible/roles/cert-manager/molecule/default/prepare.yml10
-rw-r--r--ansible/roles/cert-manager/tasks/main.yml22
8 files changed, 114 insertions, 0 deletions
diff --git a/ansible/group_vars/infrastructure.yml b/ansible/group_vars/infrastructure.yml
index 17113b33..4323c5e8 100755
--- a/ansible/group_vars/infrastructure.yml
+++ b/ansible/group_vars/infrastructure.yml
@@ -29,3 +29,4 @@ nginx_server_image: own_nginx:2.0.0
chartmuseum_server_image: chartmuseum/chartmuseum
kube_prometheus_stack_enabled: false
kube_prometheus_stack_version: 18.0.4
+cert_manager_version: 1.5.4
diff --git a/ansible/roles/cert-manager/.yamllint b/ansible/roles/cert-manager/.yamllint
new file mode 100644
index 00000000..c5ae64be
--- /dev/null
+++ b/ansible/roles/cert-manager/.yamllint
@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/ansible/roles/cert-manager/README.md b/ansible/roles/cert-manager/README.md
new file mode 100644
index 00000000..8327d62b
--- /dev/null
+++ b/ansible/roles/cert-manager/README.md
@@ -0,0 +1,24 @@
+Cert-manager provisioning role
+==============================
+
+Deploys cert-manager (https://cert-manager.io/) onto Kubernetes cluster into its own, separate namespace.
+
+Requirements
+------------
+
+cert-manager tgz package is expected to exists in ``app_data_path/downloads`` directory prior to running this role.
+
+Role Variables
+--------------
+
+- cert\_manager\_version (group\_vars) - version string of cert-manager to deploy (a.b.c)
+- cert\_manager.k8s\_namespace (role's defaults) - namespace name to install cert-manager into
+- cert\_manager.helm\_release\_name (role's defaults) - Helm release name for the chart
+- cert\_manager.helm\_timeout (role's defaults) - helm install timeout
+- cert\_manager.helm\_values\_file (role's defaults) - dst path for the yaml file containing cert-manager helm values
+- cert\_manager.helm\_values (role's defaults) - dict of helm values for the cert-manager chart
+
+Dependencies
+------------
+
+Ansible's community.kubernetes.helm module is required to play this role.
diff --git a/ansible/roles/cert-manager/defaults/main.yml b/ansible/roles/cert-manager/defaults/main.yml
new file mode 100644
index 00000000..f87c9075
--- /dev/null
+++ b/ansible/roles/cert-manager/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+cert_manager:
+ k8s_namespace: cert-manager
+ helm_release_name: cert-manager
+ helm_timeout: "240s"
+ helm_values_file: "{{ app_data_path }}/cert_manager.yaml"
+ helm_values:
+ installCRDs: true
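Review bot: Grouping every setting under the single `cert_manager` dict makes per-key overrides unsafe. With Ansible's default `hash_behaviour` of `replace`, an inventory that sets only `cert_manager.helm_timeout` replaces the whole mapping, so `k8s_namespace`, `helm_release_name`, `helm_values_file` and `helm_values` become undefined when the tasks run. Either flatten the defaults into separate variables, e.g. `cert_manager_k8s_namespace: cert-manager` and `cert_manager_helm_timeout: "240s"`, or add a comment above `cert_manager:` stating that the dict must be overridden as a whole.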
diff --git a/ansible/roles/cert-manager/molecule/default/converge.yml b/ansible/roles/cert-manager/molecule/default/converge.yml
new file mode 100644
index 00000000..3af18a7d
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+ hosts: all
+ pre_tasks:
+ - name: Include infrastructure group variables
+ include_vars: ../../../../group_vars/infrastructure.yml
+ tasks:
+ - name: "Include cert-manager"
+ include_role:
+ name: "cert-manager"
diff --git a/ansible/roles/cert-manager/molecule/default/molecule.yml b/ansible/roles/cert-manager/molecule/default/molecule.yml
new file mode 100644
index 00000000..b7074f45
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint .
+ flake8
+platforms:
+ - name: infrastructure-cert-manager
+ image: centos:7
+ groups:
+ - infrastructure
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ ANSIBLE_LIBRARY: ../../../../library
+ inventory:
+ group_vars:
+ all:
+ app_name: onap
+ app_data_path: "/opt/{{ app_name }}"
+verifier:
+ name: testinfra
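Review bot: The `verifier` is set to `testinfra`, but none of the eight files in this commit is a testinfra test, so the verify stage presumably has nothing to assert for this scenario. Because the Helm install task in tasks/main.yml is tagged `molecule-notest`, only the package check and the values-file generation run under molecule. A small test asserting that `/opt/onap/cert_manager.yaml` exists with the expected content and permissions would cover what is actually exercised. Separately, `image: centos:7` is a mutable tag; pinning the image by digest would keep the test platform reproducible.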
diff --git a/ansible/roles/cert-manager/molecule/default/prepare.yml b/ansible/roles/cert-manager/molecule/default/prepare.yml
new file mode 100644
index 00000000..8a90616c
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare infra container to play cert-manager role
+ hosts: all
+ pre_tasks:
+ - name: Include infrastructure group variables
+ include_vars: ../../../../group_vars/infrastructure.yml
+ tasks:
+ - name: "Include prepare-cert-manager role"
+ include_role:
+ name: "prepare-cert-manager"
diff --git a/ansible/roles/cert-manager/tasks/main.yml b/ansible/roles/cert-manager/tasks/main.yml
new file mode 100644
index 00000000..5b73ded8
--- /dev/null
+++ b/ansible/roles/cert-manager/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Check {{ cert_manager.helm_release_name }} helm package exists
+ stat:
+ path: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+ register: cert_manager_package_stat
+ failed_when: not cert_manager_package_stat.stat.exists
+
+- name: Generate helm values file
+ copy:
+ dest: "{{ cert_manager.helm_values_file }}"
+ content: "{{ cert_manager.helm_values | to_nice_yaml }}"
+
+- name: "Install Helm release {{ cert_manager.helm_release_name }}"
+ community.kubernetes.helm:
+ release_name: "{{ cert_manager.helm_release_name }}"
+ release_namespace: "{{ cert_manager.k8s_namespace }}"
+ create_namespace: True
+ chart_ref: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+ values_files: "{{ cert_manager.helm_values_file }}"
+ wait: True
+ wait_timeout: "{{ cert_manager.helm_timeout }}"
+ tags: molecule-notest
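Review bot: The `Generate helm values file` task writes `cert_manager.helm_values` with `copy` but sets no `mode`, so the file's permissions depend on the remote umask. Helm values are a common place for credentials once the dict is overridden, so add `mode: "0600"` under `copy:`. The first task also only checks that the chart archive exists before it is installed into the cluster. If the offline package build does not already verify the archive, set `checksum_algorithm: sha256` on `stat` and extend `failed_when` to compare `cert_manager_package_stat.stat.checksum` with a pinned digest kept next to `cert_manager_version` (that variable would be new). Minor: `create_namespace: True` and `wait: True` read better as lowercase `true`.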