diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index 5d24fc3..717a0ba 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -159,6 +159,7 @@
 --fingerprint={{ stepca_configmap.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
 --install \
 --force
+ update-ca-certificates
 - name: Install harbor chart
 kubernetes.core.helm:
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 00d43e1..aa5f00d 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -69,6 +69,14 @@ components:
 parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
 chart_values: !unsafe |
 ca:
+ bootstrap:
+ postInitHook: |
+ echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
+ step ca provisioner add acme \
+ --type ACME \
+ --password-file=~/pwfile \
+ --force-cn
+ rm ~/pwfile
 dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
 password: "{{ vapp['guestinfo.rootpw'] }}"
 provisioner:
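Review bot: The added `update-ca-certificates` line in tasks/main.yml becomes the last command of this shell block, so its exit status is what the task reports. A failed `step ca bootstrap` above it (for example, a root fingerprint mismatch) would then be masked unless the script already runs under `set -e`. The start of the task is outside the hunk, so that needs confirming there. If no `set -e` is in effect, end the bootstrap command with `--force &&` so the trust-store refresh only runs, and the task only succeeds, after a successful bootstrap.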
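Review bot: The `postInitHook` added in ansible/vars/metacluster.yml writes the root password to `~/pwfile` under the default umask and interpolates it inside single quotes. The file may therefore be readable by other users until the `rm`, and a password containing `'` ends the quoting early and is parsed as shell. The `rm ~/pwfile` may also never run if the hook aborts when `step ca provisioner add` fails, which would leave the secret on disk. A POSIX shell does not expand `~` after `=` in `--password-file=~/pwfile`, so the path may be taken literally unless step expands it itself. The shape below assumes the value is rendered by Ansible's Jinja, where the `quote` filter is available; the `!unsafe` tag means that rendering happens outside this hunk, so confirm it first.

```yaml
bootstrap:
  postInitHook: |
    # subshell keeps the restrictive umask from leaking into the rest of the init script
    ( umask 077; printf '%s\n' {{ vapp["guestinfo.rootpw"] | quote }} > "$HOME/pwfile" )
    step ca provisioner add acme \
      --type ACME \
      --password-file="$HOME/pwfile" \
      --force-cn
    rc=$?
    # remove the secret even when the provisioner command failed
    rm -f "$HOME/pwfile"
    [ "$rc" -eq 0 ] || exit "$rc"
# … unchanged: dns, password, provisioner …
```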