Let's encrypt certificates issuer and searx

roles/k8s-manifests/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+letsencrypt_email: letsencrypt.account@banditlair.com
+searx_issuer: "{{default_issuer}}"

roles/k8s-manifests/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Kubernetes manifests | Lay down letsencrypt templates
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item }}"
+  loop:
+    - letsencrypt-production-issuer.yml
+    - letsencrypt-staging-issuer.yml
+  register: manifests
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Kubernetes manifests  | Start letsencrypt issuers
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item }}"
+    state: latest
+  loop: "{{ manifests.results }}"
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Kubernetes manifests | Lay down searx templates
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item }}"
+  loop:
+    - searx-deployment.yml
+    - searx-svc.yml
+    - searx-ingress.yml
+  register: manifests
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Kubernetes manifests | Start searx
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item }}"
+    state: latest
+  loop: "{{ manifests.results }}"
+  when: inventory_hostname == groups['kube-master'][0]

roles/k8s-manifests/templates/letsencrypt-production-issuer.yml.j2

@@ -0,0 +1,18 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    # The ACME production api URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+
+    # Email address used for ACME registration
+    email: "{{letsencrypt_email}}"
+
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-production
+
+    # Enable the HTTP-01 challenge provider
+    http01: {}

roles/k8s-manifests/templates/letsencrypt-staging-issuer.yml.j2

@@ -0,0 +1,18 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+
+    # Email address used for ACME registration
+    email: "{{letsencrypt_email}}"
+
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+
+    # Enable the HTTP-01 challenge provider
+    http01: {}

roles/k8s-manifests/templates/searx-deployment.yml.j2

@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: searx
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: searx
+  template:
+    metadata:
+      labels:
+        app: searx
+    spec:
+      containers:
+        - name: searx
+          image: wonderfall/searx:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8888
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8888
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 8888

roles/k8s-manifests/templates/searx-ingress.yml.j2

@@ -0,0 +1,21 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: searx-ingress
+  annotations:
+    ingress.kubernetes.io/ssl-redirect: "true"
+    certmanager.k8s.io/cluster-issuer: "{{searx_issuer}}"
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  tls:
+    - hosts:
+      - searx.{{dns_domain}}
+      secretName: searx-{{searx_issuer}}
+  rules:
+    - host: searx.{{dns_domain}}
+      http:
+        paths:
+          - backend:
+              serviceName: searx
+              servicePort: 80

roles/k8s-manifests/templates/searx-svc.yml.j2

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: searx
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 8888
+  selector:
+    app: searx