Housekeeping;Generate root ca preemptively
parent
79b794dba2
commit
e3ce60bcb4
@ -6,10 +6,10 @@
|
|||||||
chart_ref: /opt/metacluster/helm-charts/step-certificates
|
chart_ref: /opt/metacluster/helm-charts/step-certificates
|
||||||
release_namespace: step-ca
|
release_namespace: step-ca
|
||||||
create_namespace: yes
|
create_namespace: yes
|
||||||
# Unable to use REST api based readycheck due to missing ingress
|
# Unable to use REST api based readycheck due to 'missing' ingress
|
||||||
wait: yes
|
wait: yes
|
||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
values: "{{ components.stepcertificates.chart_values }}"
|
values: "{{ stepca_values.stdout }}"
|
||||||
|
|
||||||
- name: Retrieve configmap w/ root certificate
|
- name: Retrieve configmap w/ root certificate
|
||||||
kubernetes.core.k8s_info:
|
kubernetes.core.k8s_info:
|
||||||
|
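Review bot: The new `values: "{{ stepca_values.stdout }}"` line reads a variable that nothing on this page registers — the `Generate root CA` task in the second hunk does `register: stepca_helmvalues`, and the `Store root CA certificate` task there also reads `stepca_values.stdout`; unless `stepca_values` is defined elsewhere, one side needs renaming, e.g. `register: stepca_values` on the shell task. Separately, `.stdout` is a YAML text blob while the kubernetes.core.helm `values` parameter is a dictionary, and the second hunk already pipes the same output through `from_yaml` for the certificate lookup, so `values: "{{ stepca_values.stdout | from_yaml }}"` keeps the two uses consistent. The enclosing `kubernetes.core.helm` task starts before this hunk.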
@ -11,3 +11,45 @@
|
|||||||
- ingress
|
- ingress
|
||||||
- registry
|
- registry
|
||||||
- storage
|
- storage
|
||||||
|
|
||||||
|
- name: Initialize tempfile
|
||||||
|
ansible.builtin.tempfile:
|
||||||
|
state: file
|
||||||
|
register: stepca_password
|
||||||
|
|
||||||
|
- name: Store password in tempfile
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: "{{ stepca_password.path }}"
|
||||||
|
content: "{{ vapp['metacluster.password'] }}"
|
||||||
|
no_log: true
|
||||||
|
|
||||||
|
- name: Generate root CA
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: >-
|
||||||
|
step ca init \
|
||||||
|
--helm \
|
||||||
|
--deployment-type=standalone \
|
||||||
|
--name=ca.{{ vapp['metacluster.fqdn'] }} \
|
||||||
|
--dns=ca.{{ vapp['metacluster.fqdn'] }} \
|
||||||
|
--dns=step-certificates.step-ca.svc.cluster.local \
|
||||||
|
--dns=127.0.0.1 \
|
||||||
|
--address=:443 \
|
||||||
|
--provisioner=admin \
|
||||||
|
--acme \
|
||||||
|
--password-file={{ stepca_password.path }}
|
||||||
|
register: stepca_helmvalues
|
||||||
|
|
||||||
|
- name: Cleanup tempfile
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ stepca_password.path }}"
|
||||||
|
state: absent
|
||||||
|
when: stepca_password.path is defined
|
||||||
|
|
||||||
|
- name: Store root CA certificate
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /usr/local/share/ca-certificates/root_ca.crt
|
||||||
|
content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}"
|
||||||
|
|
||||||
|
- name: Update certificate truststore
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: update-ca-certificates
|
||||||
|
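Review bot: The `Generate root CA` task registers the complete `step ca init --helm` output without `no_log`, and that output carries the generated CA secrets (the `inject.secrets` section, alongside the certificates), so the registered result ends up in the task output and any callback or log sink; add `no_log: true` to that task, as `Store password in tempfile` already does, and consider `changed_when: true` since the shell task is never idempotent. The password tempfile is only removed by a later ordinary task, so a failure in `step ca init` leaves `{{ stepca_password.path }}` on disk; wrapping the tempfile, copy and shell tasks in a `block` with `Cleanup tempfile` under `always` closes that gap. Under `cmd: >-` line breaks are folded to single spaces, so each trailing `\` survives as a `\ ` escape, i.e. a stray single-space argument that `step` may reject; drop the backslashes (the folded scalar already joins the lines) or switch to `cmd: |`.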
@ -183,7 +183,6 @@ components:
|
|||||||
|
|
||||||
step-certificates:
|
step-certificates:
|
||||||
helm:
|
helm:
|
||||||
# version: 1.18.2+20220324
|
|
||||||
version: 1.23.0
|
version: 1.23.0
|
||||||
chart: smallstep/step-certificates
|
chart: smallstep/step-certificates
|
||||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
|
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
vcenter_server = "bv11-vc.bessems.lan"
|
vcenter_server = "bv11-vc.bessems.lan"
|
||||||
vsphere_username = "administrator@vsphere.local"
|
vsphere_username = "administrator@vsphere.local"
|
||||||
vsphere_datacenter = "DeSchakel"
|
vsphere_datacenter = "DeSchakel"
|
||||||
vsphere_cluster = "Cluster.Legacy"
|
vsphere_cluster = "Cluster.01"
|
||||||
vsphere_host = "bv11-esx.bessems.lan"
|
vsphere_host = "bv11-esx01.bessems.lan"
|
||||||
vsphere_datastore = "ESX00.SSD01"
|
vsphere_datastore = "ESX01.SSD02"
|
||||||
vsphere_folder = "/Packer"
|
vsphere_folder = "/Packer"
|
||||||
vsphere_templatefolder = "/Templates"
|
vsphere_templatefolder = "/Templates"
|
||||||
vsphere_network = "LAN"
|
vsphere_network = "LAN"
|
||||||
|