djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Incorrect secret types;Missing newline in ca-bundle

Browse Source
This commit is contained in:
Danny Bessems 2023-08-23 13:46:44 +02:00
parent b009395f62
commit 21f03ba048
4 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml
View File

@ -1,4 +1,5 @@
- block:
- name: Install dex
kubernetes.core.helm:
name: dex
@ -97,12 +98,11 @@
type: kubernetes.io/tls
data:
- key: tls.crt
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') }}"
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') | b64encode }}"
- key: tls.key
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') }}"
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') | b64encode }}"
# TODO: Migrate to step-ca
-
- name: Create pinniped resources
kubernetes.core.k8s:
template: "{{ item.kind }}.j2"
@ -112,6 +112,7 @@
_template:
name: "{{ item.name }}"
namespace: "{{ item.namespace }}"
type: "{{ item.type | default('') }}"
data: "{{ item.data | default(omit) }}"
spec: "{{ item.spec | default(omit) }}"
loop:
@ -121,7 +122,7 @@
spec: |2
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
tls:
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
authorizationConfig:
additionalScopes: [offline_access, groups, email]
allowPasswordGrant: false

1
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
View File

@ -47,6 +47,7 @@
namespace: "{{ item.namespace }}"
annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
type: "{{ item.type | default('') }}"
data: "{{ item.data }}"
loop:
- name: argocd-tls-certs-cm

2
ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/secret.j2
View File

@ -3,9 +3,7 @@ kind: Secret
metadata:
name: {{ _template.name }}
namespace: {{ _template.namespace }}
{% if _template.type is defined %}
type: {{ _template.type }}
{% endif %}
data:
{% for kv_pair in _template.data %}
"{{ kv_pair.key }}": {{ kv_pair.value }}

2
ansible/vars/workloadcluster.yml
View File

@ -37,7 +37,7 @@ downstream:
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
audience: {{ vapp['workloadcluster.name'] | lower }}
tls:
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
sealed-secrets:
version: 2.8.1 # (= Sealed Secrets v0.20.2)