djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate from helm-controlled ingress to passthrough ingressRoute
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Danny Bessems 2022-08-24 11:21:51 +02:00
parent 5f02ddab49
commit a3da5b8f93
2 changed files with 36 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
View File

@ -116,6 +116,33 @@
kubeconfig: "{{ kubeconfig.path }}"
values: "{{ components.stepcertificates.chart_values }}"
- name: Configure step-ca passthrough ingress
ansible.builtin.template:
src: ingressroutetcp.j2
dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
owner: root
group: root
mode: 0600
vars:
_template:
name: step-ca
namespace: step-ca
config: |2
entryPoints:
- websecure
routes:
- match: HostSNI(`ca.{{ vapp['metadata.fqdn'] }}`)
services:
- name: step-certificates
port: 443
tls:
passthrough: true
notify:
- Apply manifests
- name: Trigger handlers
ansible.builtin.meta: flush_handlers
- name: Retrieve step-ca configuration
kubernetes.core.k8s_log:
kind: Job

16
ansible/vars/metacluster.yml
View File

@ -68,17 +68,19 @@ components:
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
ingress:
enabled: true
hosts:
- host: ca.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
# ingress:
# enabled: true
# hosts:
# - host: ca.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
service:
targetPort: 9000