move dns secret to template and k8s-vault, fix leading . in wildcard cert, disable traefil, add nginx-ingress

This commit is contained in:
srw 2024-07-08 17:59:17 +00:00
parent c787dc8f13
commit 6b28af8023
4 changed files with 31 additions and 25 deletions

View File

@ -1,16 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
32383162626163663734653236646538626464643665323334666363306662363434346133653737
3766373965626437376630303837663339383664643466300a336463366335636634336437303036
32626138646662633337663037393538336438643363303962326263656636316336346462643937
6337363463626265630a663964386638633133613465363436376533346336333066663664363062
65333864353338656437333762313937376538376634383438643134313266366236393039376131
35646533353539633436343435316465386534646663316234336263363163343463626632663837
66633432376136323961336437613465303635303966343530383162653766373736333661386163
30303233333939626537303631313532373130363866306165343732653064643866393933323230
31373035653332363961343464613134626464643733313666333861623961373264303462633334
63653638356666656163343266353133396236313231643664313764663761363634643063323466
36623266393166316138343239393663393739666266653730323766643566343936386436666164
30616637656563626634306634336631613564396234613836396537636363643466323762393166
33623534613462306130356631626265373462343065333132666439623333663135336437323536
36303131386135333763356565323962666233353263353331653065333435613138343939393530
633664316538643432303731366233653831

View File

@ -11,5 +11,5 @@ spec:
group: cert-manager.io group: cert-manager.io
commonName: "*.pwa.realitynetwork.store" commonName: "*.pwa.realitynetwork.store"
dnsNames: dnsNames:
- ".pwa.realitynetwork.store" - "pwa.realitynetwork.store"
- "*.pwa.realitynetwork.store" - "*.pwa.realitynetwork.store"

View File

@ -1,8 +1,20 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
39633338616237663666373535663038646563353438346363333632616133353661323532623265 63643362636263346139663662346435343861333538623731363763303034386334396261383233
6464306261363038386234396334363136336435656663390a626133313233396664646130386361 6233306462326530343561333665656330663134653466330a353532613764633361623966396161
39326232343834663665376534666230303034303362333265356263336361626362393939623961 33396332363966623862373036653862626237396631623637613134373266626534656334306465
6234393862366365360a353461386639633132633437653832383663303136343761333132333738 3537653237303461620a386534333031366366323332646363613265323531356331633338356430
33336131323364333063393732643366666563393839303333303663366334613238626537636530 61396561313334633133623066613762613966366633323435656464303765353231373461363664
64323062353134346431373536623162353731623833623832353636643063646463623833613135 61616433306361623631373530366331393132326663303532323461623962393739343364373735
643430356133643436373339643066613165 32313365646231313334373038353536333438386337623962623364313732663030396364346435
35653663633366373036646435323865666139653133636439613034613733333830306339383936
32333139646135316630643338653564613530623465313862396634356363373064366366343364
39313638323631393966373263396361613331646162313736346233656137666563303939323933
38626434396566333362623638663634393934623030633633363563343037396433386531356635
31323731383161313330333337656536383630616331653637306238316365643930336233383433
34643864373936393932356630376265316234333737353531653431313237306335383866656232
37323064656134376237346436396565633732613364616366666638333836333331356534623166
37633039336533373536356562663739316138633431366136653639343239396432636162353061
35363133656131393366333734653634616430366531656230616637666136333161343633373839
39636261396638666361333534643065366636313530623563663839643338633038613133336239
35343636353135323033623037613637313464353733393366336435663835623030653636323734
396637393534353535623266386361303332

View File

@ -1,11 +1,21 @@
--- ---
k8s_cluster_name: default #k8s_cluster_name: default
k8s_cluster_name: rnt-cad-cluster
k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store
k8s_taint_servers: true k8s_taint_servers: true
k8s_acme_email: "{{ support_email }}" k8s_acme_email: "{{ support_email }}"
k8s_disable:
- traefik
k8s_manifests: k8s_manifests:
# ingress controller, replaces traefik which is explicitly disabled
- name: ingress-nginx
type: url
source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
# cert-manager, required for letsencrypt
- name: cert-manager - name: cert-manager
type: url type: url
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml