[incubator-dlab] branch DLAB-1158 updated: added step-ca

omartushevskyi Wed, 27 Nov 2019 07:02:17 -0800

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git



The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new 1e63861  added step-ca
1e63861 is described below

commit 1e6386176d7b6323f46671aebdd4c34f7d3e007e
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Wed Nov 27 17:00:35 2019 +0200

    added step-ca
---
 .../modules/helm_charts/dlab-ui-chart/values.yaml  |  1 -
 .../modules/helm_charts/files/nginx_values.yaml    |  4 +--
 .../modules/helm_charts/step-ca-chart/values.yaml  |  6 ++--
 .../step-issuer-chart/templates/deployment.yaml    | 33 +++++++++-------------
 .../main/modules/helm_charts/step-issuer.tf        |  2 +-
 5 files changed, 17 insertions(+), 29 deletions(-)

diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
index 0d04603..a75d1ab 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
@@ -45,7 +45,6 @@ ui:
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
     tls:
       - secretName: dlab-ui-tls
   mongo:
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/nginx_values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/nginx_values.yaml
index 98a5545..a484a42 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/nginx_values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/nginx_values.yaml
@@ -21,6 +21,4 @@
 
 controller:
   service:
-    type: LoadBalancer
-  extraArgs:
-    enable-ssl-passthrough: true
\ No newline at end of file
+    type: LoadBalancer
\ No newline at end of file
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
index f06f13b..45350b6 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml
@@ -35,13 +35,11 @@ ca:
   address: :9000
   # dns is the comma separated dns names to use. Leave it empty to use the 
format:
   # {include "step-certificates.fullname" .}.{ 
.Release.Namespace}.svc.cluster.local,127.0.0.1
-  dns: step-certs
-  # ${step_chart_name}.${namespace}.svc.cluster.local,${step_ca_host}
+  dns: ${step_chart_name}.${namespace}.svc.cluster.local,${step_ca_host}
   # ${step_ca_host}
   # url is the http url where step-certificates will listen at. Leave it empty 
to use the format
   # https://{{ include "step-certificates.fullname" . }}.{{ .Release.Namespace 
}}.svc.cluster.local
-  url: https://step-certs
-  #${step_chart_name}.${namespace}.svc.cluster.local
+  url: https://${step_chart_name}.${namespace}.svc.cluster.local
   #${step_ca_host}
   # password is the password used to encrypt the keys. Leave it empty to 
generate a random one.
   password: ${step_ca_password}
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer-chart/templates/deployment.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer-chart/templates/deployment.yaml
index 25c8d63..c010d77 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer-chart/templates/deployment.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer-chart/templates/deployment.yaml
@@ -21,12 +21,12 @@
 # 
******************************************************************************
 */ -}}
 
-#apiVersion: v1
-#kind: Namespace
-#metadata:
-#  labels:
-#    control-plane: controller-manager
-#  name: step-issuer-system
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: step-issuer-system
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -157,8 +157,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: step-issuer-leader-election-role
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 rules:
 - apiGroups:
   - ""
@@ -261,8 +260,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: step-issuer-leader-election-rolebinding
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -270,8 +268,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -284,8 +281,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -298,8 +294,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 ---
 apiVersion: v1
 kind: Service
@@ -311,8 +306,7 @@ metadata:
   labels:
     control-plane: controller-manager
   name: step-issuer-controller-manager-metrics-service
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 spec:
   ports:
   - name: https
@@ -327,8 +321,7 @@ metadata:
   labels:
     control-plane: controller-manager
   name: step-issuer-controller-manager
-  namespace: dlab
-  # step-issuer-system
+  namespace: step-issuer-system
 spec:
   replicas: 1
   selector:
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
index 8e8095a..2cbb247 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-issuer.tf
@@ -46,7 +46,7 @@ resource "null_resource" "step_issuer_delay" {
 data "template_file" "step_ca_issuer_values" {
   template = file("./modules/helm_charts/step-ca-issuer-chart/values.yaml")
   vars     = {
-    step_ca_url      = "https://step-certs"; # 
"https://${kubernetes_service.step_service_lb.load_balancer_ingress.0.ip}";
+    step_ca_url      = 
"https://${kubernetes_service.step_service_lb.load_balancer_ingress.0.ip}";
     step_ca_bundle   = lookup(data.external.step-ca-config-values.result, 
"rootCa")
     namespace        = kubernetes_namespace.dlab-namespace.metadata[0].name
     step_ca_kid_name = lookup(data.external.step-ca-config-values.result, 
"kidName")


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[incubator-dlab] branch DLAB-1158 updated: added step-ca

Reply via email to