From 90082ca36ab848a3d84454cc09e13a4aafc133f1 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Fri, 25 Aug 2023 14:13:01 +0200
Subject: [PATCH] fix: Inject ca-bundle into gitea container
---
 .../roles/metacluster/tasks/certauthority.yml | 7 +++++++
 ansible/vars/metacluster.yml | 10 ++++++++++
 2 files changed, 17 insertions(+)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
index 6d2dff1..417c24b 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
@@ -34,6 +34,7 @@
 kubeconfig: "{{ kubeconfig.path }}"
 loop:
 - argo-cd
+ - gitea
 # - kube-system
 - name: Store root certificate in namespaced configmaps/secrets
@@ -63,6 +64,12 @@
 data:
 - key: git.{{ vapp['metacluster.fqdn'] }}
 value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
+ - name: step-certificates-certs
+ namespace: gitea
+ kind: secret
+ data:
+ - key: ca_chain.crt
+ value: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ _newline ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
 - name: step-certificates-certs
 namespace: kube-system
 kind: secret
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 2e60978..5f626c1 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
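Review bot: In certauthority.yml, the new gitea `step-certificates-certs` entry builds `ca_chain.crt` from the intermediate plus the root, and the values change in ansible/vars/metacluster.yml mounts that file under /etc/ssl/certs, so a client that loads that directory as trust anchors would trust the intermediate directly rather than only through the root. If the file is meant purely as a trust store, the root alone should be enough, as in the `git.{{ vapp['metacluster.fqdn'] }}` entry just above: `value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"`. If the intermediate is needed, a comment such as `# intermediate first, then root; mounted as Gitea's CA bundle` would record the intent and the ordering. `_newline` and `stepca_cm_certs` are defined outside this hunk, and the task body continues beyond it.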
@@ -135,6 +135,16 @@ components:
 chart: gitea-charts/gitea
 parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
 chart_values: !unsafe |
+ extraVolumes:
+ - secret:
+ defaultMode: 420
+ name: step-certificates-certs
+ name: step-certificates-certs
+ extraVolumeMounts:
+ - mountPath: /etc/ssl/certs/ca-chain.crt
+ name: step-certificates-certs
+ readOnly: true
+ subPath: ca_chain.crt
 gitea:
 admin:
 username: administrator
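Review bot: The `subPath: ca_chain.crt` mount under `extraVolumeMounts` will not pick up later changes to the `step-certificates-certs` secret, because Kubernetes does not refresh subPath mounts; after a CA rotation the Gitea pod keeps the old bundle until it is restarted. A comment above the mount would make that visible, e.g. `# subPath mounts are not refreshed on secret update; restart gitea after rotating the CA`. It is also worth confirming that every TLS client in the image reads loose files in /etc/ssl/certs, since a client configured with a single bundle file or a hashed directory would presumably not see `ca-chain.crt`. `defaultMode: 420` is decimal for 0644 and could carry a `# 0644` comment. The `chart_values` block continues outside the hunk.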