Compare commits
2 Commits
585e39cb97
...
a3da5b8f93
| Author | SHA1 | Date | |
|---|---|---|---|
| a3da5b8f93 | |||
| 5f02ddab49 |
@@ -116,6 +116,33 @@
|
|||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
values: "{{ components.stepcertificates.chart_values }}"
|
values: "{{ components.stepcertificates.chart_values }}"
|
||||||
|
|
||||||
|
- name: Configure step-ca passthrough ingress
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: ingressroutetcp.j2
|
||||||
|
dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
||||||
|
vars:
|
||||||
|
_template:
|
||||||
|
name: step-ca
|
||||||
|
namespace: step-ca
|
||||||
|
config: |2
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- match: HostSNI(`ca.{{ vapp['metadata.fqdn'] }}`)
|
||||||
|
services:
|
||||||
|
- name: step-certificates
|
||||||
|
port: 443
|
||||||
|
tls:
|
||||||
|
passthrough: true
|
||||||
|
notify:
|
||||||
|
- Apply manifests
|
||||||
|
|
||||||
|
- name: Trigger handlers
|
||||||
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
||||||
- name: Retrieve step-ca configuration
|
- name: Retrieve step-ca configuration
|
||||||
kubernetes.core.k8s_log:
|
kubernetes.core.k8s_log:
|
||||||
kind: Job
|
kind: Job
|
||||||
|
|||||||
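Review bot: The `HostSNI` match in the new "Configure step-ca passthrough ingress" task reads `vapp['metadata.fqdn']`, whereas the step-ca chart values elsewhere in this compare build the CA's DNS name from `vapp['metacluster.fqdn']`. With `passthrough: true` the router selects the backend on SNI alone, so if the two keys differ, or `metadata.fqdn` is undefined, clients addressing the CA by its certificate name would not be routed to step-ca. This looks like a typo, and the line should probably read ``- match: HostSNI(`ca.{{ vapp['metacluster.fqdn'] }}`)``. It would also be safer to quote the file mode as `mode: '0600'` so that no YAML loader can re-type the value. The task list starts and ends outside the hunk.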
@@ -68,17 +68,19 @@ components:
|
|||||||
chart: smallstep/step-certificates
|
chart: smallstep/step-certificates
|
||||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
|
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
|
||||||
chart_values: !unsafe |
|
chart_values: !unsafe |
|
||||||
|
ca:
|
||||||
|
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
|
||||||
inject:
|
inject:
|
||||||
secrets:
|
secrets:
|
||||||
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
||||||
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
||||||
ingress:
|
# ingress:
|
||||||
enabled: true
|
# enabled: true
|
||||||
hosts:
|
# hosts:
|
||||||
- host: ca.{{ vapp['metacluster.fqdn'] }}
|
# - host: ca.{{ vapp['metacluster.fqdn'] }}
|
||||||
paths:
|
# paths:
|
||||||
- path: /
|
# - path: /
|
||||||
pathType: Prefix
|
# pathType: Prefix
|
||||||
service:
|
service:
|
||||||
targetPort: 9000
|
targetPort: 9000
|
||||||
|
|
||||||
|
|||||||
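Review bot: The chart's `ingress` block is disabled by commenting it out line by line with no explanation, and dead configuration left inside `chart_values` is easily re-enabled by mistake. Delete the commented lines, or replace them with a single comment such as `# Chart ingress unused: step-ca is exposed through a TLS-passthrough IngressRouteTCP, so TLS terminates at the CA.` Separately, the unchanged context lines derive both `ca_password` and `provisioner_password` from `vapp['guestinfo.rootpw']`, so one secret appears to cover the appliance root account and both CA secrets, and `b64encode` is an encoding rather than protection. Distinct generated secrets would be worth a follow-up change. The enclosing `components` mapping starts outside the hunk.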
@@ -129,7 +129,7 @@ PropertyCategories:
|
|||||||
Type: string(1..)
|
Type: string(1..)
|
||||||
Label: vCenter username*
|
Label: vCenter username*
|
||||||
Description: The username which this bootstrap appliance will authenticate with to the vCenter instance.
|
Description: The username which this bootstrap appliance will authenticate with to the vCenter instance.
|
||||||
DefaultValue: ''
|
DefaultValue: 'administrator@vsphere.local'
|
||||||
Configurations: '*'
|
Configurations: '*'
|
||||||
UserConfigurable: true
|
UserConfigurable: true
|
||||||
|
|
||||||
|
|||||||
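Review bot: The new `DefaultValue: 'administrator@vsphere.local'` pre-fills the vCenter SSO administrator account, so a deployment that accepts the defaults runs the bootstrap appliance with full vCenter administrative rights. Because `Type: string(1..)` already requires a non-empty value, the previous empty default made the operator choose an account deliberately. Consider keeping `DefaultValue: ''`. If the default stays for convenience, extend the text to something like `Description: The username which this bootstrap appliance will authenticate with to the vCenter instance. A dedicated account limited to the required privileges is recommended.` The property definition starts outside the hunk.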