This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 6209bde added step-ca
6209bde is described below
commit 6209bdeeca92d808374e5fa8510523de7588873e
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Tue Nov 19 21:58:45 2019 +0200
added step-ca
---
.../main/modules/helm_charts/step-ca-chart/values.yaml | 13 +++++++++----
.../gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf | 2 +-
.../terraform/gcp/ssn-gke/main/variables.tf | 2 +-
3 files changed, 11 insertions(+), 6 deletions(-)
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
index 58bc28b..70aad8a 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
@@ -42,7 +42,7 @@ ca:
dns: ${step_ca_host}
# url is the http url where step-certificates will listen at. Leave it empty
to use the format
# https://{{ include "step-certificates.fullname" . }}.{{ .Release.Namespace
}}.svc.cluster.local
- url: https://${step_ca_host}
+ url: http://${step_ca_host}/step
# password is the password used to encrypt the keys. Leave it empty to
generate a random one.
password: ${step_ca_password}
# provisioner contains the step-certificates provisioner configuration.
@@ -75,12 +75,17 @@ ca:
# autocert is used to configure the autocert chart that depends on
step-certificates.
autocert:
- enabled: false
+ enabled: true
# ingress contains the configuration for an ingress controller.
+paths:
+ - /step
ingress:
- enabled: false
- annotations: {}
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /step
hosts: []
tls: []
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
index 88a8f80..994161b 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
@@ -46,7 +46,7 @@ resource "null_resource" "step_issuer_delay" {
data "template_file" "step_ca_issuer_values" {
template = file("./modules/helm_charts/step-ca-issuer-chart/values.yaml")
vars = {
- step_ca_url =
"https://${data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip}:8080";
+ step_ca_url =
"http://${data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip}/step";
step_ca_bundle = lookup(data.external.step-ca-config-values.result,
"rootCa")
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
step_ca_kid_name = lookup(data.external.step-ca-config-values.result,
"kidName")
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
index e431e79..c52318f 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
@@ -60,7 +60,7 @@ variable "additional_tag" {
}
variable "ssn_k8s_workers_count" {
- default = 1
+ default = 2
}
variable "gke_cluster_version" {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
