djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Retrieve step-ca more reliably;Configure step-ca admin credentials
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Danny Bessems 2022-08-24 17:44:30 +02:00
parent a3da5b8f93
commit 9a3898e0b8
2 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
View File

@ -131,7 +131,7 @@
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: HostSNI(`ca.{{ vapp['metadata.fqdn'] }}`) - match: HostSNI(`ca.{{ vapp['metacluster.fqdn'] }}`)
services: services:
- name: step-certificates - name: step-certificates
port: 443 port: 443
@ -144,20 +144,21 @@
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Retrieve step-ca configuration - name: Retrieve step-ca configuration
kubernetes.core.k8s_log: kubernetes.core.k8s_info:
kind: Job kind: ConfigMap
name: step-certificates name: step-certificates
namespace: step-ca namespace: step-ca
kubeconfig: "{{ kubeconfig.path }}" kubeconfig: "{{ kubeconfig.path }}"
register: stepca_bootstraplog register: stepca_configmap
- name: Install root CA in system truststore - name: Install root CA in system truststore
ansible.builtin.shell: ansible.builtin.shell:
cmd: | cmd: |
step ca bootstrap \ step ca bootstrap \
--ca-url={{ stepca_bootstraplog.log | regex_search('CA URL: (.+)', '\\1') | first }} \ --ca-url=https://ca.{{ vapp['metacluster.fqdn'] }} \
--fingerprint={{ stepca_bootstraplog.log | regex_search('CA Fingerprint: (.+)', '\\1') | first }} \ --fingerprint={{ stepca_configmap.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
--install --install \
--force
- name: Install harbor chart - name: Install harbor chart
kubernetes.core.helm: kubernetes.core.helm:

11
ansible/vars/metacluster.yml
View File

@ -70,17 +70,14 @@ components:
chart_values: !unsafe | chart_values: !unsafe |
ca: ca:
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1 dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject: inject:
secrets: secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}" ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}" provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
# ingress:
# enabled: true
# hosts:
# - host: ca.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
service: service:
targetPort: 9000 targetPort: 9000