[ATMOSPHERE-304] fix: set variables for cluster issuer name for keycl… (#1703)
…oak and kube-prom-stack (#1676)
…-stack
Reviewed-by: Giovanni Tirloni
Reviewed-by: Mohammed Naser mnaser@vexxhost.com
Reviewed-by: Oleksandr K.
Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/doc/source/deploy/certificates.rst b/doc/source/deploy/certificates.rst
index 7d77d1b..2e04abb 100644
--- a/doc/source/deploy/certificates.rst
+++ b/doc/source/deploy/certificates.rst
@@ -299,12 +299,13 @@
to configure the certificate values.
In order to apply these annotations to all ingresses managed by Atmosphere, you
-can use the ``ingress_global_annotations`` variable in your inventory which will
-apply the annotations to all ingresses.
+can use the ``atmosphere_ingress_annotations`` variable in your inventory which will
+apply the annotations to all ingresses. ``ingress_global_annotations`` variable is
+deprecated.
.. code-block:: yaml
- ingress_global_annotations:
+ atmosphere_ingress_annotations:
cert-manager.io/subject-organizations: VEXXHOST, Inc.
cert-manager.io/subject-organizationalunits: Cloud Infrastructure
cert-manager.io/subject-localities: Montreal
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index bcaf89b..f519677 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -17,6 +17,7 @@
# Ingress
atmosphere_ingress_class_name: atmosphere
atmosphere_ingress_cluster_issuer: atmosphere
+atmosphere_ingress_annotations: {}
# Network backend
atmosphere_network_backend: openvswitch
diff --git a/roles/ingress/defaults/main.yml b/roles/ingress/defaults/main.yml
index 70855a7..05a2cc3 100644
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@@ -32,9 +32,9 @@
# the ingress role to pass annotations to the
# Ingress resource. You should use role-specific
# variable to pass annotations or use the
-# ingress_global_annotations variable to apply
+# ingress_default_annotations variable to apply
# annotations to all Ingress resources.
ingress_annotations: {}
-# List of annotations to apply to all Ingress resources
-ingress_global_annotations: {}
+# List of annotations to apply to all Ingress resources as default
+ingress_default_annotations: "{{ ingress_global_annotations | default(atmosphere_ingress_annotations) }}"
diff --git a/roles/ingress/templates/ingress.yml.j2 b/roles/ingress/templates/ingress.yml.j2
index a06bc1d..04135bc 100644
--- a/roles/ingress/templates/ingress.yml.j2
+++ b/roles/ingress/templates/ingress.yml.j2
@@ -5,8 +5,8 @@
namespace: {{ ingress_namespace | default('default') }}
annotations:
cert-manager.io/common-name: {{ ingress_host }}
-{% if (ingress_annotations|length) > 0 or (ingress_global_annotations|length) > 0 %}
- {{ ingress_annotations | combine(ingress_global_annotations, recursive=True) | to_nice_yaml | indent(4) }}
+{% if (ingress_annotations|length) > 0 or (ingress_default_annotations|length) > 0 %}
+ {{ ingress_annotations | combine(ingress_default_annotations, recursive=True) | to_nice_yaml | indent(4) }}
{% endif %}
spec:
ingressClassName: {{ ingress_class_name }}
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 02704aa..324ab43 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -22,6 +22,7 @@
keycloak_host: "{{ undef('You must specify a Keycloak host using keycloak_host') }}"
keycloak_ingress_annotations: {}
keycloak_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+keycloak_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"
keycloak_admin_username: admin
keycloak_admin_password: "{{ undef(hint='You must specify a Keycloak admin password using keycloak_admin_password') }}"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 5c65bd3..b90875b 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -88,7 +88,7 @@
ingress_service_port: 80
ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
ingress_annotations:
- cert-manager.io/cluster-issuer: atmosphere
+ cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
- name: Enable pxc strict mode
run_once: true
diff --git a/roles/kube_prometheus_stack/defaults/main.yml b/roles/kube_prometheus_stack/defaults/main.yml
index dfd4ee9..fda7a49 100644
--- a/roles/kube_prometheus_stack/defaults/main.yml
+++ b/roles/kube_prometheus_stack/defaults/main.yml
@@ -20,6 +20,9 @@
kube_prometheus_stack_helm_values: {}
kube_prometheus_stack_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+kube_prometheus_stack_ingress_cluster_issuer: "{{ atmosphere_ingress_cluster_issuer }}"
+kube_prometheus_stack_ingress_annotations:
+ cert-manager.io/cluster-issuer: "{{ kube_prometheus_stack_ingress_cluster_issuer }}"
kube_prometheus_stack_grafana_admin_password: "{{ undef('You must specify a Grafana password using kube_prometheus_stack_grafana_admin_password') }}"
diff --git a/roles/kube_prometheus_stack/vars/main.yml b/roles/kube_prometheus_stack/vars/main.yml
index 26755c3..1ea150a 100644
--- a/roles/kube_prometheus_stack/vars/main.yml
+++ b/roles/kube_prometheus_stack/vars/main.yml
@@ -75,8 +75,7 @@
enabled: true
servicePort: 8081
ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
+ annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
hosts:
- "{{ kube_prometheus_stack_alertmanager_host }}"
tls:
@@ -182,8 +181,7 @@
ingress:
enabled: true
ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
+ annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
hosts:
- "{{ kube_prometheus_stack_grafana_host }}"
tls:
@@ -301,8 +299,7 @@
enabled: true
servicePort: 8081
ingressClassName: "{{ kube_prometheus_stack_ingress_class_name }}"
- annotations:
- cert-manager.io/cluster-issuer: atmosphere
+ annotations: "{{ kube_prometheus_stack_ingress_annotations | combine(atmosphere_ingress_annotations, recursive=True) }}"
hosts:
- "{{ kube_prometheus_stack_prometheus_host }}"
tls: