- name: cert-manager issuers
  k8s:
    state: present
    namespace: "{{item.name}}"
    definition:
      apiVersion: certmanager.k8s.io/v1alpha1
      kind: ClusterIssuer
      metadata:
        name: "{{item.name}}"
      spec:
        acme:
          # The ACME server URL
          server: "{{item.server}}"
          # Email address used for ACME registration
          email: "{{letsencrypt_email}}"
          # Name of a secret used to store the ACME account private key
          privateKeySecretRef:
            name: "{{item.name}}"
          # Enable HTTP01 validations
          http01: {}
  with_items:
    - name: letsencrypt-production
      server: https://acme-v02.api.letsencrypt.org/directory
    - name: letsencrypt-staging
      server: https://acme-staging-v02.api.letsencrypt.org/directory