diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml index 9eea057..5e8bd92 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml @@ -9,7 +9,13 @@ # Unable to use REST api based readycheck due to 'missing' ingress wait: yes kubeconfig: "{{ kubeconfig.path }}" - values: "{{ stepca_values.stdout }}" + values: "{{ ( stepca_values.stdout | from_yaml ) | combine( { 'inject': ( _template.chart_values | from_yaml ) }, recursive=True ) }}" + vars: + _template: + chart_values: >- + secrets: + ca_password: "{{ vapp['metacluster.password'] }}" + provisioner_password: "{{ vapp['metacluster.password'] }}" - name: Retrieve configmap w/ root certificate kubernetes.core.k8s_info: diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml index b3e812b..43f9067 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/init.yml @@ -33,11 +33,11 @@ --dns=ca.{{ vapp['metacluster.fqdn'] }} \ --dns=step-certificates.step-ca.svc.cluster.local \ --dns=127.0.0.1 \ - --address=:443 \ + --address=:9000 \ --provisioner=admin \ --acme \ --password-file={{ stepca_password.path }} - register: stepca_helmvalues + register: stepca_values - name: Cleanup tempfile ansible.builtin.file:
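Review bot: The added `values:` expression in certauthority.yml pastes `vapp['metacluster.password']` into double-quoted YAML text and then parses it with `from_yaml`, so a password containing `"` or `\` either fails the task or installs a different secret than the operator entered. Building the mapping directly in Jinja avoids the text round trip: `combine({'inject': {'secrets': {'ca_password': vapp['metacluster.password'], 'provisioner_password': vapp['metacluster.password']}}}, recursive=True)`. The task begins above the hunk, so I cannot see whether it sets `no_log: true`; without it the rendered values, which now include both passwords, can appear in verbose or failure output, and the same goes for the `register: stepca_values` task in init.yml. Please also confirm the chart takes these two values as plain text, since I recall step-certificates expecting `inject.secrets` passwords base64-encoded, which this diff does not show. Using the one vApp password for both the CA key and the provisioner deserves a comment saying it is intentional.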
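Review bot: The new `--address=:9000` in init.yml has no comment tying the port to whatever exposes the CA inside the cluster. If the chart's service or ingress still targets 443 (not visible in this diff), clients resolving `ca.<fqdn>` would fail to reach the ACME endpoint. I would add a line above the command such as `# listen port must match the step-certificates service targetPort`. The command's task starts above the hunk, so the rest of its options are not visible here.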