Deploy ingress, lego and dashboard

roles/lego/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+lego_email: deckard@chmod666.org
+lego_image: jetstack/kube-lego
+lego_version: 0.1.5

roles/lego/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: kube_lego | Templating manifests
+  template: 
+    src: "{{ item }}"
+    dest: "/tmp/{{ item | regex_replace('.j2', '') }}"
+  with_items:
+    - lego-sa.yml.j2
+    - lego-clusterolebinding.yml.j2
+    - lego-clusterole.yml.j2
+    - lego-configmap.yml.j2
+    - lego-controller.yml.j2
+  when: inventory_hostname == initial_master
+
+- name: kube_lego | Deploying kube-lego 
+  kube:
+    name: "{{ item.name }}"
+    resource: "{{ item.type }}"
+    filename: "{{ item.file }}"
+    state: latest
+  with_items:
+    - { 'name': 'kube-lego', 'type': 'sa', 'file': '/tmp/lego-sa.yml' }
+    - { 'name': 'kube-lego', 'type': 'clusterrolebingind', 'file': '/tmp/lego-clusterolebinding.yml' }
+    - { 'name': 'kube-lego', 'type': 'clusterrole', 'file': '/tmp/lego-clusterole.yml' }
+    - { 'name': 'kube-lego', 'type': 'configmap', 'file': '/tmp/lego-configmap.yml' }
+    - { 'name': 'kube-lego', 'type': 'deploy', 'file': '/tmp/lego-controller.yml' }
+  when: inventory_hostname == initial_master
+
+- name: kube_lego | Removing manifest
+  file:
+    path: "/tmp/{{ item }}"
+    state: absent
+  with_items:
+    - lego-namespace.yml
+    - lego-sa.yml
+    - lego-clusterolebinding.yml
+    - lego-clusterole.yml
+    - lego-configmap.yml
+    - lego-controller.yml
+  when: inventory_hostname == initial_master
+

roles/lego/templates/lego-clusterole.yml.j2

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: system:kube-lego
+rules:
+- apiGroups:
+  - ""
+  resources: ["configmaps","secrets","endpoints","events","services"]
+  verbs: ["list","watch","create","update","delete","get"]
+- apiGroups:
+  - ""
+  - "extensions"
+  resources: ["services","nodes","ingresses","pods","ingresses/status"]
+  verbs: ["list","watch","create","update","delete","get"]

roles/lego/templates/lego-clusterolebinding.yml.j2

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-lego
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:kube-lego
+subjects:
+  - kind: ServiceAccount
+    name: kube-lego
+    namespace: kube-system

roles/lego/templates/lego-configmap.yml.j2

@@ -0,0 +1,10 @@
+apiVersion: v1
+metadata:
+  name: kube-lego
+  namespace: kube-system
+data:
+  # modify this to specify your address
+  lego.email: "{{ lego_email }}"
+  # configure letsencrypt's production api
+  lego.url: "https://acme-v01.api.letsencrypt.org/directory"
+kind: ConfigMap

roles/lego/templates/lego-controller.yml.j2

@@ -0,0 +1,48 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: kube-lego
+  namespace: kube-system
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: kube-lego
+    spec:
+      serviceAccountName: kube-lego
+      containers:
+      - name: kube-lego
+        image: "{{ lego_image }}:{{ lego_version }}"
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        env:
+        - name: LEGO_EMAIL
+          valueFrom:
+            configMapKeyRef:
+              name: kube-lego
+              key: lego.email
+        - name: LEGO_URL
+          valueFrom:
+            configMapKeyRef:
+              name: kube-lego
+              key: lego.url
+        - name: LEGO_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: LEGO_POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 1
+      nodeSelector:
+        # node must be labelled with roles=ingress-controller
+        role: ingress-controller
+

roles/lego/templates/lego-namespace.yml.j2

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-lego

roles/lego/templates/lego-sa.yml.j2

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-lego
+  namespace: kube-system