djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: djpbessems:b009395f620d8e685baf2ad565f23166e81925a7
Branches Tags
djpbessems:master djpbessems:Appliance.AirgappedK8s-1.27.x djpbessems:Appliance.AirgappedK8s-1.26.x djpbessems:Appliance.AirgappedK8s-1.25.x djpbessems:Test_SemRel djpbessems:UbuntuServer22.04 djpbessems:UbuntuServer20.04 djpbessems:Windows10 djpbessems:Server2019 djpbessems:ADDS
djpbessems:K8s_1.25.9-v1.0.0 djpbessems:v1.0.0
...
compare: djpbessems:0310bb9d1a15397ae6a37ae771f3499080679ddb
Branches Tags
djpbessems:Appliance.AirgappedK8s-1.27.x djpbessems:Appliance.AirgappedK8s-1.26.x djpbessems:Appliance.AirgappedK8s-1.25.x djpbessems:Test_SemRel djpbessems:UbuntuServer22.04 djpbessems:UbuntuServer20.04 djpbessems:Windows10 djpbessems:master djpbessems:Server2019 djpbessems:ADDS
djpbessems:K8s_1.25.9-v1.0.0 djpbessems:v1.0.0

2 Commits
b009395f62 ... 0310bb9d1a

Author SHA1 Message Date
Danny Bessems
0310bb9d1a fix: Incorrect indentation
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-08-23 13:46:55 +02:00
Danny Bessems
21f03ba048 fix: Incorrect secret types;Missing newline in ca-bundle 2023-08-23 13:46:44 +02:00
4 changed files with 24 additions and 24 deletions
Expand all files Collapse all files

9
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml
View File

@ -1,4 +1,5 @@
- block:
- name: Install dex
kubernetes.core.helm:
name: dex
@ -97,12 +98,11 @@
type: kubernetes.io/tls
data:
- key: tls.crt
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') }}"
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.crt') | b64encode }}"
- key: tls.key
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') }}"
value: "{{ lookup('ansible.builtin.file', certificate.path ~ '/certificate.key') | b64encode }}"
# TODO: Migrate to step-ca
-
- name: Create pinniped resources
kubernetes.core.k8s:
template: "{{ item.kind }}.j2"
@ -112,6 +112,7 @@
_template:
name: "{{ item.name }}"
namespace: "{{ item.namespace }}"
type: "{{ item.type | default('') }}"
data: "{{ item.data | default(omit) }}"
spec: "{{ item.spec | default(omit) }}"
loop:
@ -121,7 +122,7 @@
spec: |2
issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
tls:
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
authorizationConfig:
additionalScopes: [offline_access, groups, email]
allowPasswordGrant: false

1
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/certauthority.yml
View File

@ -47,6 +47,7 @@
namespace: "{{ item.namespace }}"
annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
type: "{{ item.type | default('') }}"
data: "{{ item.data }}"
loop:
- name: argocd-tls-certs-cm

2
ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/secret.j2
View File

@ -3,9 +3,7 @@ kind: Secret
metadata:
name: {{ _template.name }}
namespace: {{ _template.namespace }}
{% if _template.type is defined %}
type: {{ _template.type }}
{% endif %}
data:
{% for kv_pair in _template.data %}
"{{ kv_pair.key }}": {{ kv_pair.value }}

36
ansible/vars/workloadcluster.yml
View File

@ -20,24 +20,24 @@ downstream:
createDefaultDiskLabeledNodes: true
defaultDataPath: /mnt/blockstorage
pinniped:
helm:
version: 1.2.11 # (= Pinniped v0.25.0)
chart: bitnami/pinniped
namespace: pinniped-concierge
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
supervisor:
enabled: false
extra_manifests: !unsafe
- src: jwtauthenticator.j2
_template:
name: metacluster-sso
spec: |2
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
audience: {{ vapp['workloadcluster.name'] | lower }}
tls:
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
pinniped:
helm:
version: 1.2.11 # (= Pinniped v0.25.0)
chart: bitnami/pinniped
namespace: pinniped-concierge
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
supervisor:
enabled: false
extra_manifests: !unsafe
- src: jwtauthenticator.j2
_template:
name: metacluster-sso
spec: |2
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
audience: {{ vapp['workloadcluster.name'] | lower }}
tls:
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
sealed-secrets:
version: 2.8.1 # (= Sealed Secrets v0.20.2)