diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index bf1935a..e3c2e74 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -106,6 +106,16 @@
 kubeconfig: "{{ kubeconfig.path }}"
 values: "{{ components.longhorn.chart_values }}"
+- name: Install step-ca chart
+ kubernetes.core.helm:
+ name: step-certificates
+ chart_ref: /opt/metacluster/helm-charts/step-certificates
+ release_namespace: step-ca
+ create_namespace: yes
+ wait: yes
+ kubeconfig: "{{ kubeconfig.path }}"
+ values: "{{ components.stepcertificates.chart_values }}"
+
 - name: Install harbor chart
 kubernetes.core.helm:
 name: harbor
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index be7ca1f..6bac21d 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -35,6 +35,8 @@ platform:
 url: https://argoproj.github.io/argo-helm
 - name: sealed-secrets
 url: https://bitnami-labs.github.io/sealed-secrets
+ - name: smallstep
+ url: https://smallstep.github.io/helm-charts/
 components:
@@ -53,6 +55,19 @@ components:
 persistence:
 defaultClassReplicaCount: 1
+ stepcertificates:
+ helm:
+ version: 1.18.2+20220324
+ chart: smallstep/step-certificates
+ parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
+ chart_values: !unsafe |
+ inject:
+ secrets:
+ ca_password: {{ vapp['metacluster.password'] }}
+ provisioner_password: {{ vapp['metacluster.password'] }}
+ service:
+ targetPort: 9000
+
 harbor:
 helm:
 version: 1.9.1 # (= Harbor v2.5.1)
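Review bot: The new `Install step-ca chart` task in tasks/main.yml passes `components.stepcertificates.chart_values` to `kubernetes.core.helm` without `no_log: true`, and those values carry `ca_password` and `provisioner_password`. If the firstboot play runs with verbosity or a logging callback, the task result can write both secrets to the console or a log file. I would add `no_log: true` to this task and restrict read access to whatever log the firstboot run produces. The task list starts and continues outside this hunk, so whether the neighbouring chart installs need the same treatment cannot be judged from here.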
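Review bot: In the `stepcertificates` `chart_values` block of ansible/vars/metacluster.yml, `ca_password` and `provisioner_password` are rendered unquoted from `{{ vapp['metacluster.password'] }}`. A password that contains `: ` or ` #`, starts with a YAML indicator, or reads as a number or boolean will either break the values document or reach the chart as a different type. Quote both, e.g. `ca_password: "{{ vapp['metacluster.password'] }}"`, or use a JSON/YAML-quoting filter if the renderer that later expands this `!unsafe` block provides one. Both CA secrets are also the single appliance-wide password, so anyone who holds it and can read the step-ca secrets can unlock the CA keys and use the provisioner; separate generated values would limit that, assuming the deployment flow can store them. The `components:` mapping starts and ends outside this hunk.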