Migrate from helm-controlled ingress to passthrough ingressRoute

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml

@@ -116,6 +116,33 @@
     kubeconfig: "{{ kubeconfig.path }}"
     values: "{{ components.stepcertificates.chart_values }}"
 
+- name: Configure step-ca passthrough ingress
+  ansible.builtin.template:
+    src: ingressroutetcp.j2
+    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+    owner: root
+    group: root
+    mode: 0600
+  vars:
+    _template:
+      name: step-ca
+      namespace: step-ca
+      config: |2
+          entryPoints:
+            - websecure
+          routes:
+          - match: HostSNI(`ca.{{ vapp['metadata.fqdn'] }}`)
+            services:
+            - name: step-certificates
+              port: 443
+          tls:
+            passthrough: true
+  notify:
+    - Apply manifests
+
+- name: Trigger handlers
+  ansible.builtin.meta: flush_handlers
+
 - name: Retrieve step-ca configuration
   kubernetes.core.k8s_log:
     kind: Job