vexxhost / atmosphere

Simple & easy private cloud platform featuring VMs, Kubernetes & bare-metal

wildcard certificate #206

Closed mpiscaer closed 1 year ago

mpiscaer commented 1 year ago

I would like to use a wildcard certificate to have all the services running.

Like

mnaser commented 1 year ago

This can be done by creating a secret and overriding openstack_helm_ingress_secret_name:

https://github.com/vexxhost/atmosphere/blob/f3f59a7e17dfa057cd6fbf6d0b3b39a0d931e754/roles/openstack_helm_ingress/defaults/main.yml#L16-L21

mpiscaer commented 1 year ago

I created a secret with kubectl -n openstack create secret tls cert-tls --key="tls.key" --cert="tls.crt" and changed openstack_helm_ingress_secret_name: cert-tls

After running the playbooks the system deletes and recreates a new secret.

okozachenko1203 commented 1 year ago

https://github.com/vexxhost/atmosphere/blob/223eb5bf031b30152b8972caf137cc58c8ee45fe/roles/openstack_helm_ingress/vars/main.yml#L16

All ingresses have an explicit issuer spec in their annotations regardless of certificate type. It will trigger certificate issuance on the cert-manager side, and the user's custom wildcard cert secret is overridden by the generated one.

Need to make that annotation configurable.
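One way to check a cluster for the situation described in this comment, as an added example that is not code from the atmosphere project: walk the Ingress objects, and flag any that both point `spec.tls[].secretName` at a secret the operator created by hand and still carry a cert-manager issuer annotation, since cert-manager's ingress-shim will then issue into that secret and replace the hand-made certificate. The Ingress list below is constructed sample data in the shape of `kubectl get ingress -A -o json`; the annotation keys are cert-manager's documented ones, the secret name `cert-tls` comes from this thread, and `USER_MANAGED_SECRETS` is an assumed operator-maintained inventory.

```python
"""Flag Ingress objects whose cert-manager issuer annotation would cause
cert-manager to (re)issue a certificate into a TLS secret the operator
created manually, overwriting it.

Added example, not part of vexxhost/atmosphere. Sample data is constructed.
"""
import json

# cert-manager's ingress-shim reacts to these annotations and creates a
# Certificate whose target is spec.tls[].secretName of the Ingress.
ISSUER_ANNOTATIONS = (
    "cert-manager.io/cluster-issuer",
    "cert-manager.io/issuer",
)

# Secrets the operator created by hand (e.g. `kubectl create secret tls`).
# Assumed inventory for this example; keyed by (namespace, secret name).
USER_MANAGED_SECRETS = {("openstack", "cert-tls")}

# Constructed sample resembling `kubectl get ingress -A -o json` output.
SAMPLE_INGRESS_LIST = json.dumps({
    "items": [
        {   # hand-made wildcard secret, but the issuer annotation is still set: conflict
            "metadata": {"name": "keystone", "namespace": "openstack",
                         "annotations": {"cert-manager.io/cluster-issuer": "atmosphere"}},
            "spec": {"tls": [{"hosts": ["keystone.example.com"], "secretName": "cert-tls"}]},
        },
        {   # secret owned by cert-manager; the annotation is expected here
            "metadata": {"name": "glance", "namespace": "openstack",
                         "annotations": {"cert-manager.io/cluster-issuer": "atmosphere"}},
            "spec": {"tls": [{"hosts": ["glance.example.com"], "secretName": "glance-tls"}]},
        },
        {   # hand-made secret with the annotation removed: cert-manager leaves it alone
            "metadata": {"name": "horizon", "namespace": "openstack", "annotations": {}},
            "spec": {"tls": [{"hosts": ["horizon.example.com"], "secretName": "cert-tls"}]},
        },
    ]
})


def find_overwrite_conflicts(ingress_list_json, user_managed=USER_MANAGED_SECRETS):
    """Return (namespace, ingress, annotation_key, secret) for every Ingress that
    names a user-managed TLS secret while carrying a cert-manager issuer
    annotation. Such an Ingress makes cert-manager issue into that secret."""
    conflicts = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "")
        annotations = meta.get("annotations") or {}
        issuer_keys = [k for k in ISSUER_ANNOTATIONS if k in annotations]
        if not issuer_keys:
            continue  # no ingress-shim trigger, so the secret is not touched
        for tls in item.get("spec", {}).get("tls") or []:
            secret = tls.get("secretName")
            if secret and (ns, secret) in user_managed:
                conflicts.append((ns, name, issuer_keys[0], secret))
    return conflicts


if __name__ == "__main__":
    for ns, ing, key, secret in find_overwrite_conflicts(SAMPLE_INGRESS_LIST):
        print(f"{ns}/{ing}: annotation {key} will make cert-manager overwrite secret {secret}")
```

Run it against the real output of `kubectl get ingress -A -o json` in place of the constructed sample; any ingress it reports is one where the playbook-managed annotation will keep replacing the wildcard secret until the annotation is made configurable or removed for that ingress.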

mnaser commented 1 year ago

This is now possible by using this:

https://github.com/vexxhost/atmosphere/blob/a5902dd42117b273cec41ef1be2e12d0279ff817/roles/openstack_helm_ingress/README.md