Disable http challenge;Inject stepca cert;Set default certresolver

ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml

@@ -110,7 +110,7 @@
   kubernetes.core.helm:
     name: step-certificates
     chart_ref: /opt/metacluster/helm-charts/step-certificates
-    release_namespace: step-ca
+    release_namespace: kube-system
     create_namespace: yes
     wait: yes
     kubeconfig: "{{ kubeconfig.path }}"
@@ -140,6 +140,20 @@
   notify:
     - Apply manifests
 
+- name: Inject step-ca certificate into traefik container
+  ansible.builtin.blockinfile:
+    path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
+    block: |
+      volumes:
+        - name: step-certificates-certs
+          mountPath: /step-ca
+          type: configMap
+      env:
+        - name: LEGO_CA_CERTIFICATES
+          value: /step-ca/root_ca.crt
+  notify:
+    - Apply manifests
+
 - name: Trigger handlers
   ansible.builtin.meta: flush_handlers