Add step-ca component

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml

@@ -106,6 +106,16 @@
     kubeconfig: "{{ kubeconfig.path }}"
     values: "{{ components.longhorn.chart_values }}"
 
+- name: Install step-ca chart
+  kubernetes.core.helm:
+    name: step-certificates
+    chart_ref: /opt/metacluster/helm-charts/step-certificates
+    release_namespace: step-ca
+    create_namespace: yes
+    wait: yes
+    kubeconfig: "{{ kubeconfig.path }}"
+    values: "{{ components.stepcertificates.chart_values }}"
+
 - name: Install harbor chart
   kubernetes.core.helm:
     name: harbor

ansible/vars/metacluster.yml

@@ -35,6 +35,8 @@ platform:
       url: https://argoproj.github.io/argo-helm
     - name: sealed-secrets
       url: https://bitnami-labs.github.io/sealed-secrets
+    - name: smallstep
+      url: https://smallstep.github.io/helm-charts/
 
 components:
 
@@ -53,6 +55,19 @@ components:
         persistence:
           defaultClassReplicaCount: 1
 
+  stepcertificates:
+    helm:
+      version: 1.18.2+20220324
+      chart: smallstep/step-certificates
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
+      chart_values: !unsafe |
+        inject:
+          secrets:
+            ca_password: {{ vapp['metacluster.password'] }}
+            provisioner_password: {{ vapp['metacluster.password'] }}
+        service:
+          targetPort: 9000
+
   harbor:
     helm:
       version: 1.9.1  # (= Harbor v2.5.1)