chore: Fix/Remove incorrect/redundant key references
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -15,7 +15,7 @@
|
|||||||
kubernetes.core.helm:
|
kubernetes.core.helm:
|
||||||
name: pinniped
|
name: pinniped
|
||||||
chart_ref: /opt/metacluster/helm-charts/pinniped
|
chart_ref: /opt/metacluster/helm-charts/pinniped
|
||||||
release_namespace: pinniped
|
release_namespace: pinniped-supervisor
|
||||||
create_namespace: true
|
create_namespace: true
|
||||||
wait: false
|
wait: false
|
||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
@@ -30,7 +30,7 @@
|
|||||||
_template:
|
_template:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
namespace: "{{ item.namespace }}"
|
namespace: "{{ item.namespace }}"
|
||||||
config: "{{ item.config }}"
|
spec: "{{ item.spec }}"
|
||||||
loop:
|
loop:
|
||||||
- kind: ingressroute
|
- kind: ingressroute
|
||||||
name: pinniped-supervisor
|
name: pinniped-supervisor
|
||||||
@@ -55,6 +55,8 @@
|
|||||||
spec: |2
|
spec: |2
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
serverName: auth.{{ vapp['metacluster.fqdn'] }}
|
serverName: auth.{{ vapp['metacluster.fqdn'] }}
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.kind ~ '/' ~ item.name ~ ' (' ~ item.namespace ~ ')' }}"
|
||||||
|
|
||||||
- name: Ensure pinniped API availability
|
- name: Ensure pinniped API availability
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
@@ -94,10 +96,13 @@
|
|||||||
namespace: pinniped-supervisor
|
namespace: pinniped-supervisor
|
||||||
type: kubernetes.io/tls
|
type: kubernetes.io/tls
|
||||||
data:
|
data:
|
||||||
- tls.crt: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') }}"
|
- key: tls.crt
|
||||||
- tls.key: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') }}"
|
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') }}"
|
||||||
|
- key: tls.key
|
||||||
|
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') }}"
|
||||||
# TODO: Migrate to step-ca
|
# TODO: Migrate to step-ca
|
||||||
|
|
||||||
|
-
|
||||||
- name: Create pinniped resources
|
- name: Create pinniped resources
|
||||||
kubernetes.core.k8s:
|
kubernetes.core.k8s:
|
||||||
template: "{{ item.kind }}.j2"
|
template: "{{ item.kind }}.j2"
|
||||||
@@ -107,7 +112,6 @@
|
|||||||
_template:
|
_template:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
namespace: "{{ item.namespace }}"
|
namespace: "{{ item.namespace }}"
|
||||||
config: "{{ item.config }}"
|
|
||||||
data: "{{ item.data | default(omit) }}"
|
data: "{{ item.data | default(omit) }}"
|
||||||
spec: "{{ item.spec | default(omit) }}"
|
spec: "{{ item.spec | default(omit) }}"
|
||||||
loop:
|
loop:
|
||||||
@@ -117,7 +121,7 @@
|
|||||||
spec: |2
|
spec: |2
|
||||||
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
|
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
|
||||||
tls:
|
tls:
|
||||||
certificateAuthorityData: {{ ca_bundle }}
|
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
||||||
authorizationConfig:
|
authorizationConfig:
|
||||||
additionalScopes: [offline_access, groups, email]
|
additionalScopes: [offline_access, groups, email]
|
||||||
allowPasswordGrant: false
|
allowPasswordGrant: false
|
||||||
@@ -131,8 +135,10 @@
|
|||||||
namespace: pinniped-supervisor
|
namespace: pinniped-supervisor
|
||||||
type: secrets.pinniped.dev/oidc-client
|
type: secrets.pinniped.dev/oidc-client
|
||||||
data:
|
data:
|
||||||
- clientID: pinniped-supervisor
|
- key: clientID
|
||||||
- clientSecret: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) }}"
|
value: "{{ 'pinniped-supervisor' | b64encode }}"
|
||||||
|
- key: clientSecret
|
||||||
|
value: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | b64encode }}"
|
||||||
- kind: federationdomain
|
- kind: federationdomain
|
||||||
name: metacluster-sso
|
name: metacluster-sso
|
||||||
namespace: pinniped-supervisor
|
namespace: pinniped-supervisor
|
||||||
@@ -140,3 +146,5 @@
|
|||||||
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
||||||
tls:
|
tls:
|
||||||
secretName: pinniped-supervisor-tls
|
secretName: pinniped-supervisor-tls
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.kind ~ '/' ~ item.name }}"
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ downstream:
|
|||||||
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
||||||
audience: {{ vapp['workloadcluster.name'] | lower }}
|
audience: {{ vapp['workloadcluster.name'] | lower }}
|
||||||
tls:
|
tls:
|
||||||
certificateAuthorityData: {{ ca_bundle }}
|
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
||||||
|
|
||||||
sealed-secrets:
|
sealed-secrets:
|
||||||
version: 2.8.1 # (= Sealed Secrets v0.20.2)
|
version: 2.8.1 # (= Sealed Secrets v0.20.2)
|
||||||
|
|||||||
Reference in New Issue
Block a user