- Use the global ingress cluster ip
- Prepare the certificate to support argocd.internal.a.s.n
Related to T4461
Details
Details
- Reviewers
ardumont - Group Reviewers
System administrators - Maniphest Tasks
- T4461: Move argocd to a private admin url
- Commits
- rSPSITE73ae99dafa58: argocd: Prepare the configuration to migrate to the internal admin network
- pergamon:
diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
Exec[letsencrypt certonly argocd] =>
parameters =>
command =>
- certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'argocd' -d 'argocd.softwareheritage.org' -d 'argocd-rp.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
+ certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'argocd' -d 'argocd.softwareheritage.org' -d 'argocd.internal.admin.swh.network' -d 'argocd-rp.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
unless =>
- /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/argocd/cert.pem 'argocd.softwareheritage.org' 'argocd-rp.internal.admin.swh.network'
+ /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/argocd/cert.pem 'argocd.softwareheritage.org' 'argocd.internal.admin.swh.network' 'argocd-rp.internal.admin.swh.network'
*******************************************
Letsencrypt::Certonly[argocd] =>
parameters =>
domains =>
- ["argocd.softwareheritage.org", "argocd-rp.internal.admin.swh.network"]
+ ["argocd.softwareheritage.org", "argocd.internal.admin.swh.network", "argocd-rp.internal.admin.swh.network"]
*******************************************
+ Resource_record[argocd/CNAME] =>
parameters =>
"data": "k8s-argocd.internal.admin.swh.network",
"keyfile": "/etc/bind/keys/local-update",
"record": "argocd.internal.admin.swh.network",
"type": "CNAME"
*******************************************
+ Resource_record[k8s-argocd/A+PTR] =>
parameters =>
"data": "k8s-argocd.internal.admin.swh.network.",
"keyfile": "/etc/bind/keys/local-update",
"record": "42.50.168.192.in-addr.arpa",
"type": "PTR"
*******************************************
+ Resource_record[k8s-argocd/A] =>
parameters =>
"data": "192.168.50.42",
"keyfile": "/etc/bind/keys/local-update",
"record": "k8s-argocd.internal.admin.swh.network",
"type": "A"
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org- rp1.admin
diff origin/production/rp1.internal.admin.swh.network current/rp1.internal.admin.swh.network
*******************************************
File[/etc/varnish/includes/01_argocd.vcl] =>
parameters =>
content =>
@@ -7,5 +7,5 @@
backend argocd
{
- .host = "argo-worker01.internal.admin.swh.network";
+ .host = "k8s-argocd.internal.admin.swh.network";
.port = "80";
}
*******************************************
File[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
parameters =>
content =>
@@ -7,4 +7,5 @@
sub vcl_recv {
if (
+ req.http.host == "argocd.internal.admin.swh.network" ||
req.http.host == "argocd-rp.internal.admin.swh.network" ||
req.http.host == "argocd.softwareheritage.org"
*******************************************
Profile::Varnish::Vcl_include[argocd] =>
parameters =>
content =>
@@ -7,5 +7,5 @@
backend argocd
{
- .host = "argo-worker01.internal.admin.swh.network";
+ .host = "k8s-argocd.internal.admin.swh.network";
.port = "80";
}
*******************************************
Profile::Varnish::Vcl_include[vhost_argocd.softwareheritage.org] =>
parameters =>
content =>
@@ -7,4 +7,5 @@
sub vcl_recv {
if (
+ req.http.host == "argocd.internal.admin.swh.network" ||
req.http.host == "argocd-rp.internal.admin.swh.network" ||
req.http.host == "argocd.softwareheritage.org"
*******************************************
Profile::Varnish::Vhost[argocd.softwareheritage.org] =>
parameters =>
aliases =>
- ["argocd-rp.internal.admin.swh.network"]
+ ["argocd.internal.admin.swh.network", "argocd-rp.internal.admin.swh.network"]
backend_http_host =>
- argo-worker01.internal.admin.swh.network
+ k8s-argocd.internal.admin.swh.network
*******************************************
Varnish::Vcl[/etc/varnish/includes/01_argocd.vcl] =>
parameters =>
content =>
@@ -7,5 +7,5 @@
backend argocd
{
- .host = "argo-worker01.internal.admin.swh.network";
+ .host = "k8s-argocd.internal.admin.swh.network";
.port = "80";
}
*******************************************
Varnish::Vcl[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
parameters =>
content =>
@@ -7,4 +7,5 @@
sub vcl_recv {
if (
+ req.http.host == "argocd.internal.admin.swh.network" ||
req.http.host == "argocd-rp.internal.admin.swh.network" ||
req.http.host == "argocd.softwareheritage.org"
*******************************************
*** End octocatalog-diff on rp1.internal.admin.swh.networkDiff Detail
Diff Detail
- Repository
- rSPSITE puppet-swh-site
- Lint
Automatic diff as part of commit; lint not applicable. - Unit
Automatic diff as part of commit; unit tests not applicable.