This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new a2a8f4b added step-ca
a2a8f4b is described below
commit a2a8f4bc92ab2a77f4e0329751bf63f6eddc24d4
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Thu Nov 21 17:16:04 2019 +0200
added step-ca
---
.../ssn-gke/main/modules/helm_charts/outputs.tf | 2 +-
.../step-ca-chart/templates/_helpers.tpl | 1 -
.../modules/helm_charts/step-ca-chart/values.yaml | 8 +++---
.../ssn-gke/main/modules/helm_charts/step-ca.tf | 29 ++++++----------------
.../main/modules/helm_charts/step-issuer.tf | 6 ++---
5 files changed, 16 insertions(+), 30 deletions(-)
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/outputs.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/outputs.tf
index 0f3acc2..a340b09 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/outputs.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/outputs.tf
@@ -44,6 +44,6 @@ output "step_kid_password" {
}
output "step_ca_url" {
- value =
"https://${data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip}:8080"
+ value =
"https://${kubernetes_service.step_service_lb.load_balancer_ingress.0.ip}"
}
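Review bot: `step_ca_url` is now an `https://` URL built from a bare load-balancer IP, so clients can only verify the CA's certificate if that IP is among its subject alternative names. Those names come from `dns: ${step_ca_host}` in the chart's values.yaml, and whether `step_ca_host` is this same IP is not visible in this commit; it is worth confirming so that nobody has to disable verification to bootstrap. The same applies to `step_ca_url` in step-issuer.tf. A comment on the output such as `# host must match a SAN of the step-ca certificate (ca.dns in values.yaml)` would record the dependency.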
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
index a129c41..e240bac 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl
@@ -38,7 +38,6 @@ Common labels
helm.sh/chart: {{ include "step-certificates.chart" . }}
app.kubernetes.io/name: {{ include "step-certificates.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
-app: step-certificates
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
index 2ae4db9..97cf170 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
@@ -24,8 +24,8 @@ bootstrapImage:
# service contains configuration for the kubernetes service.
service:
type: ClusterIP
- port: 8080
- targetPort: 8080
+ port: 443
+ targetPort: 443
# type: NodePort
# nodePort: 32433
# port: 443
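Review bot: Setting `targetPort: 443` here, together with `address: :443` in the next hunk, makes the step-ca process bind a privileged port inside the container, which needs root or the NET_BIND_SERVICE capability. Unless the image is known to grant that, keeping the listener unprivileged and mapping only the service side, e.g. `port: 443` with `targetPort: 8080` and `address: :8080` (and the matching `target_port` in step-ca.tf), gives the same external URL without the extra privilege. The pod's securityContext is not visible in this commit, so this may already be handled elsewhere.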
@@ -36,13 +36,13 @@ ca:
# name is new public key infrastructure (PKI) names.
name: dlab-step-ca
# address is the HTTP listener address of step-certificates.
- address: :8080
+ address: :443
# dns is the comma separated dns names to use. Leave it empty to use the
format:
# {include "step-certificates.fullname" .}.{
.Release.Namespace}.svc.cluster.local,127.0.0.1
dns: ${step_ca_host}
# url is the http url where step-certificates will listen at. Leave it empty
to use the format
# https://{{ include "step-certificates.fullname" . }}.{{ .Release.Namespace
}}.svc.cluster.local
- url: https://${step_ca_host}:8080
+ url: https://${step_ca_host}
# password is the password used to encrypt the keys. Leave it empty to
generate a random one.
password: ${step_ca_password}
# provisioner contains the step-certificates provisioner configuration.
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
index a53e6ce..6729665 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca.tf
@@ -24,6 +24,10 @@
// url = "https://smallstep.github.io/helm-charts/"
//}
+locals {
+ step_ca_name = 'step-certificates'
+}
+
resource "kubernetes_service" "step_service_lb" {
depends_on = [null_resource.cert_manager_delay]
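Review bot: `step_ca_name = 'step-certificates'` uses single quotes, which HCL does not accept for string literals; it should read `step_ca_name = "step-certificates"`. The next hunk has a related syntax problem: the selector key `app.kubernetes.io/name` is unquoted, so it is read as an expression rather than a label name and should be written `"app.kubernetes.io/name" = local.step_ca_name`. With either left as is, the module would be rejected before any resource is planned. The `step_service_lb` resource continues outside this hunk.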
@@ -33,35 +37,18 @@ resource "kubernetes_service" "step_service_lb" {
}
spec {
selector = {
- app = "step-certificates"
+ app.kubernetes.io/name = local.step_ca_name
}
session_affinity = "ClientIP"
port {
- port = 8080
- target_port = 8080
+ port = 443
+ target_port = 443
}
type = "LoadBalancer"
}
}
-//resource "null_resource" "step_ca_service_delay" {
-// provisioner "local-exec" {
-// command = "sleep 120"
-// }
-// triggers = {
-// "before" = helm_release.step_ca.name
-// }
-//}
-//
-//data "kubernetes_service" "step_service_lb" {
-// metadata {
-// name = "step-certs"
-// namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
-// }
-// depends_on = [kubernetes_service.step_service_lb]
-//}
-
data "template_file" "step_ca_values" {
template = file("./modules/helm_charts/step-ca-chart/values.yaml")
vars = {
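Review bot: The `spec` of `step_service_lb` publishes the CA on a `LoadBalancer` at port 443 with no `load_balancer_source_ranges`, so unless the metadata outside this hunk carries an internal-load-balancer annotation, the certificate-signing endpoint is reachable from any address. If only known networks need it, add `load_balancer_source_ranges = ["<ALLOWED_CIDR>"]` (placeholder value) or make the load balancer internal. Separately, the selector now uses `local.step_ca_name`, which is the Helm release name, while the chart fills `app.kubernetes.io/name` from the `step-certificates.name` helper. These agree only if the chart name is also `step-certificates`, which should be confirmed, since a selector that matches no pods leaves the service without endpoints.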
@@ -72,7 +59,7 @@ data "template_file" "step_ca_values" {
}
resource "helm_release" "step_ca" {
- name = "step-certificates"
+ name = local.step_ca_name
chart = "./modules/helm_charts/step-ca-chart"
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
# depends_on = [kubernetes_service.step_service_lb]
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
index 994161b..2cbb247 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
@@ -46,7 +46,7 @@ resource "null_resource" "step_issuer_delay" {
data "template_file" "step_ca_issuer_values" {
template = file("./modules/helm_charts/step-ca-issuer-chart/values.yaml")
vars = {
- step_ca_url =
"http://${data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip}/step"
+ step_ca_url =
"https://${kubernetes_service.step_service_lb.load_balancer_ingress.0.ip}"
step_ca_bundle = lookup(data.external.step-ca-config-values.result,
"rootCa")
namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
step_ca_kid_name = lookup(data.external.step-ca-config-values.result,
"kidName")
@@ -75,7 +75,7 @@ resource "null_resource" "step_ca_issuer_delay" {
}
data "external" "step-ca-config-values" {
- program = ["sh", "./modules/helm_charts/files/get_configmap_values.sh",
var.credentials_file_path, var.gke_cluster_name, var.region,
- var.project_id]
+ program = ["sh", "./modules/helm_charts/files/get_configmap_values.sh",
var.credentials_file_path,
+ var.gke_cluster_name, var.region, var.project_id]
depends_on = [null_resource.step_issuer_delay]
}