Add smallstep config

2022-01-27 09:00:51 +01:00 · 2022-01-27 09:00:51 +01:00 · 4f2890cd12
commit 4f2890cd12
parent 928566923a
2 changed files with 34 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -108,6 +108,12 @@
 # https://github.com/smallstep/step-issuer
  - name: Install Step webhook
    block:
+#    - name: SmallStep PVC
+#      kubernetes.core.k8s:
+#        state: present
+#        context: "{{ my_context }}"
+#        namespace: "cert-manager"
+#        resource_definition: "{{ lookup('template', 'smallstep-pvc.yml.j2') | from_yaml }}"
    - name: Defined smallstep repository
      kubernetes.core.helm_repository:
        name: smallstep
@ -124,6 +130,8 @@
 #          ca:
 #            provisioner:
 #              name: "admin"
+#            db:
+#              existingClaim: smallstep
    # https://github.com/smallstep/helm-charts/tree/master/step-issuer
    - name: Deploy step-certificates chart
      kubernetes.core.helm:
--- a/templates/smallstep-pvc.yml.j2
+++ b/templates/smallstep-pvc.yml.j2
@ -0,0 +1,26 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: smallstep
+  labels:
+    app: smallstep
+spec:
+  accessModes:
+{% if smallstep_storage_classname == "manual" %}
+    - ReadWriteOnce
+  storageClassName: manual
+{% elif smallstep_storage_classname == "local" %}
+    - ReadWriteOnce
+  storageClassName: local-path
+{% elif smallstep_storage_classname == "longhorn" %}
+    - ReadWriteOnce
+  storageClassName: longhorn
+{% elif smallstep_storage_classname == "nfs-backup" %}
+    - ReadWriteMany
+  storageClassName: nfs-backup
+{% elif smallstep_storage_classname is not defined or smallstep_storage_classname == "default" %}
+    - ReadWriteOnce
+{% endif %}
+  resources:
+    requests:
+      storage: 1Gi