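---
# Installs the cert-manager addon from a manifest vendored into this role.
# Everything runs once, on the first host of the
# `_kubernetes_primary_controlplane_node_` group: the manifest is staged under
# /etc/kubernetes/addons/cert-manager, wrapped in a kustomization, and applied
# with kubectl only when `kubectl diff` does not report a clean state.
- name: deploy cert-manager addon
  run_once: true
  delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
  block:
    - name: create base directory for cert-manager addon
      file:
        path: /etc/kubernetes/addons/cert-manager
        state: directory
        # Explicit mode so the result does not depend on the remote umask.
        mode: "0755"

    # You may download the manifest using the following command:
    #   wget -O cert-manager.{{ kubernetes_cert_manager_version }}.yml https://github.com/cert-manager/cert-manager/releases/download/v{{ kubernetes_cert_manager_version }}/cert-manager.yaml
    #
    # The file is later applied with the cluster admin kubeconfig, so it is
    # trusted input. Nothing in these tasks verifies it: review the download
    # (for example by diffing it against the previously vetted version) before
    # committing it to the role's files directory.
    - name: copy base config for cert-manager
      copy:
        src: "cert-manager.{{ kubernetes_cert_manager_version }}.yml"
        dest: /etc/kubernetes/addons/cert-manager/upstream.yml
        mode: "0644"

    - name: generate kustomization for cert-manager
      template:
        src: "kustomization.yml.j2"
        dest: /etc/kubernetes/addons/cert-manager/kustomization.yml
        # NOTE(review): kustomization.yml.j2 is not visible here. If it renders
        # secret material, tighten this mode (and the directory mode above).
        mode: "0644"

    # `kubectl diff` exits 0 when the cluster matches the kustomization, 1 when
    # it differs and >1 when kubectl or diff itself failed. The task never
    # fails and never reports a change; it only records the result. It is
    # forced to run in check mode too, so the `when` below always has an rc.
    - name: check if cert-manager is already installed
      check_mode: false
      command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -k /etc/kubernetes/addons/cert-manager
      failed_when: false
      changed_when: false
      register: kube_cert_manager_diff_result

    # Any non-zero rc triggers the apply, including a diff that errored out
    # (rc > 1); in that case a real problem is expected to surface as a
    # failure of this task rather than of the diff.
    - name: install cert-manager onto the cluster
      when: kube_cert_manager_diff_result.rc != 0
      command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -k /etc/kubernetes/addons/cert-manager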