djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add acme provisioner;Force system certs update
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Danny Bessems 2022-08-25 08:22:28 +02:00
parent 9a3898e0b8
commit 1c43bb19d2
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
View File

@ -159,6 +159,7 @@
--fingerprint={{ stepca_configmap.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \ --fingerprint={{ stepca_configmap.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
--install \ --install \
--force --force
update-ca-certificates
- name: Install harbor chart - name: Install harbor chart
kubernetes.core.helm: kubernetes.core.helm:

8
ansible/vars/metacluster.yml
View File

@ -69,6 +69,14 @@ components:
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe | chart_values: !unsafe |
ca: ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1 dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}" password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner: provisioner: