This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 48b6a58 added step-ca
48b6a58 is described below
commit 48b6a58d3394c4f07527b19fd53a6e21f647a4b7
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Thu Nov 21 15:07:12 2019 +0200
added step-ca
---
.../step-ca-chart/templates/_helpers.tpl | 1 +
.../modules/helm_charts/step-ca-chart/values.yaml | 8 +--
.../ssn-gke/main/modules/helm_charts/step-ca.tf | 64 ++++++++++------------
3 files changed, 33 insertions(+), 40 deletions(-)
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
index e240bac..a129c41 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
@@ -38,6 +38,7 @@ Common labels
helm.sh/chart: {{ include "step-certificates.chart" . }}
app.kubernetes.io/name: {{ include "step-certificates.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
+app: step-certificates
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
index 2a0591e..2ae4db9 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
@@ -23,7 +23,7 @@ bootstrapImage:
# service contains configuration for the kubernetes service.
service:
- type: LoadBalancer
+ type: ClusterIP
port: 8080
targetPort: 8080
# type: NodePort
@@ -39,12 +39,10 @@ ca:
address: :8080
# dns is the comma separated dns names to use. Leave it empty to use the
format:
# {include "step-certificates.fullname" .}.{
.Release.Namespace}.svc.cluster.local,127.0.0.1
- dns:
- #${step_ca_host}
+ dns: ${step_ca_host}
# url is the http url where step-certificates will listen at. Leave it empty
to use the format
# https://{{ include "step-certificates.fullname" . }}.{{ .Release.Namespace
}}.svc.cluster.local
- url:
- #http://${step_ca_host}/step
+ url: https://${step_ca_host}:8080
# password is the password used to encrypt the keys. Leave it empty to
generate a random one.
password: ${step_ca_password}
# provisioner contains the step-certificates provisioner configuration.
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
index 9835db4..75617ab 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
@@ -24,12 +24,39 @@
// url = "https://smallstep.github.io/helm-charts/";
//}
+resource "kubernetes_service" "step_service_lb" {
+ depends_on = [null_resource.cert_manager_delay]
+ metadata {
+ name = "step-certs"
+ }
+ spec {
+ selector = {
+ app = "step-certificates"
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 8080
+ target_port = 8080
+ }
+
+ type = "LoadBalancer"
+ }
+}
+
+data "kubernetes_service" "step_service_lb" {
+ metadata {
+ name = "step-certs"
+ namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
+ }
+ depends_on = kubernetes_service.step_service_lb
+}
+
data "template_file" "step_ca_values" {
template = file("./modules/helm_charts/step-ca-chart/values.yaml")
vars = {
step_ca_password = random_string.step_ca_password.result
step_ca_provisioner_password =
random_string.step_ca_provisioner_password.result
- step_ca_host =
data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip
+ step_ca_host =
data.kubernetes_service.step_service_lb.load_balancer_ingress.0.ip
}
}
@@ -37,7 +64,7 @@ resource "helm_release" "step_ca" {
name = "step-certificates"
chart = "./modules/helm_charts/step-ca-chart"
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
- depends_on = [null_resource.cert_manager_delay]
+ # depends_on = [kubernetes_service.step_service_lb]
wait = false
timeout = 600
@@ -46,39 +73,6 @@ resource "helm_release" "step_ca" {
]
}
-resource "kubernetes_ingress" "step_ca_ingress" {
- metadata {
- name = "step-ca"
- namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
- annotations = {
- "kubernetes.io/ingress.class": "nginx"
- "nginx.ingress.kubernetes.io/ssl-redirect": "false"
- "nginx.ingress.kubernetes.io/rewrite-target": "/step"
- }
- }
-
- spec {
- backend {
- service_name = helm_release.step_ca.name
- service_port = 80
- }
-
- rule {
- http {
- path {
- backend {
- service_name = helm_release.step_ca.name
- service_port = 80
- }
-
- path = "/step"
- }
- }
- }
- }
- depends_on = [helm_release.step_ca]
-}
-
resource "null_resource" "step_ca_delay" {
provisioner "local-exec" {
command = "sleep 120"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
