Compare commits
2 Commits
b009395f62
...
0310bb9d1a
| Author | SHA1 | Date | |
|---|---|---|---|
| 0310bb9d1a | |||
| 21f03ba048 |
@@ -1,4 +1,5 @@
|
|||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: Install dex
|
- name: Install dex
|
||||||
kubernetes.core.helm:
|
kubernetes.core.helm:
|
||||||
name: dex
|
name: dex
|
||||||
@@ -97,12 +98,11 @@
|
|||||||
type: kubernetes.io/tls
|
type: kubernetes.io/tls
|
||||||
data:
|
data:
|
||||||
- key: tls.crt
|
- key: tls.crt
|
||||||
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') }}"
|
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') | b64encode }}"
|
||||||
- key: tls.key
|
- key: tls.key
|
||||||
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') }}"
|
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') | b64encode }}"
|
||||||
# TODO: Migrate to step-ca
|
# TODO: Migrate to step-ca
|
||||||
|
|
||||||
-
|
|
||||||
- name: Create pinniped resources
|
- name: Create pinniped resources
|
||||||
kubernetes.core.k8s:
|
kubernetes.core.k8s:
|
||||||
template: "{{ item.kind }}.j2"
|
template: "{{ item.kind }}.j2"
|
||||||
@@ -112,6 +112,7 @@
|
|||||||
_template:
|
_template:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
namespace: "{{ item.namespace }}"
|
namespace: "{{ item.namespace }}"
|
||||||
|
type: "{{ item.type | default('') }}"
|
||||||
data: "{{ item.data | default(omit) }}"
|
data: "{{ item.data | default(omit) }}"
|
||||||
spec: "{{ item.spec | default(omit) }}"
|
spec: "{{ item.spec | default(omit) }}"
|
||||||
loop:
|
loop:
|
||||||
@@ -121,7 +122,7 @@
|
|||||||
spec: |2
|
spec: |2
|
||||||
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
|
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
|
||||||
tls:
|
tls:
|
||||||
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
||||||
authorizationConfig:
|
authorizationConfig:
|
||||||
additionalScopes: [offline_access, groups, email]
|
additionalScopes: [offline_access, groups, email]
|
||||||
allowPasswordGrant: false
|
allowPasswordGrant: false
|
||||||
|
|||||||
@@ -47,6 +47,7 @@
|
|||||||
namespace: "{{ item.namespace }}"
|
namespace: "{{ item.namespace }}"
|
||||||
annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
|
annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
|
||||||
labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
|
labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
|
||||||
|
type: "{{ item.type | default('') }}"
|
||||||
data: "{{ item.data }}"
|
data: "{{ item.data }}"
|
||||||
loop:
|
loop:
|
||||||
- name: argocd-tls-certs-cm
|
- name: argocd-tls-certs-cm
|
||||||
|
|||||||
@@ -3,9 +3,7 @@ kind: Secret
|
|||||||
metadata:
|
metadata:
|
||||||
name: {{ _template.name }}
|
name: {{ _template.name }}
|
||||||
namespace: {{ _template.namespace }}
|
namespace: {{ _template.namespace }}
|
||||||
{% if _template.type is defined %}
|
|
||||||
type: {{ _template.type }}
|
type: {{ _template.type }}
|
||||||
{% endif %}
|
|
||||||
data:
|
data:
|
||||||
{% for kv_pair in _template.data %}
|
{% for kv_pair in _template.data %}
|
||||||
"{{ kv_pair.key }}": {{ kv_pair.value }}
|
"{{ kv_pair.key }}": {{ kv_pair.value }}
|
||||||
|
|||||||
@@ -20,24 +20,24 @@ downstream:
|
|||||||
createDefaultDiskLabeledNodes: true
|
createDefaultDiskLabeledNodes: true
|
||||||
defaultDataPath: /mnt/blockstorage
|
defaultDataPath: /mnt/blockstorage
|
||||||
|
|
||||||
pinniped:
|
pinniped:
|
||||||
helm:
|
helm:
|
||||||
version: 1.2.11 # (= Pinniped v0.25.0)
|
version: 1.2.11 # (= Pinniped v0.25.0)
|
||||||
chart: bitnami/pinniped
|
chart: bitnami/pinniped
|
||||||
namespace: pinniped-concierge
|
namespace: pinniped-concierge
|
||||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||||
chart_values: !unsafe |
|
chart_values: !unsafe |
|
||||||
supervisor:
|
supervisor:
|
||||||
enabled: false
|
enabled: false
|
||||||
extra_manifests: !unsafe
|
extra_manifests: !unsafe
|
||||||
- src: jwtauthenticator.j2
|
- src: jwtauthenticator.j2
|
||||||
_template:
|
_template:
|
||||||
name: metacluster-sso
|
name: metacluster-sso
|
||||||
spec: |2
|
spec: |2
|
||||||
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
|
||||||
audience: {{ vapp['workloadcluster.name'] | lower }}
|
audience: {{ vapp['workloadcluster.name'] | lower }}
|
||||||
tls:
|
tls:
|
||||||
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
|
||||||
|
|
||||||
sealed-secrets:
|
sealed-secrets:
|
||||||
version: 2.8.1 # (= Sealed Secrets v0.20.2)
|
version: 2.8.1 # (= Sealed Secrets v0.20.2)
|
||||||
|
|||||||
Reference in New Issue
Block a user