
Commit b12f2b6

J0ziAllda
authored andcommitted
Certificate valid outside domain
Signed-off-by: J0zi <[email protected]>
1 parent 0b00a61 commit b12f2b6


2 files changed

+25
-1
lines changed

2 files changed

+25
-1
lines changed

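--- a/ansible/roles/install-kind-cluster/defaults/main.yml
+++ b/ansible/roles/install-kind-cluster/defaults/main.yml
@@ -34,3 +34,4 @@ tekton_dashboard_version: v0.24.1
 tekton_validate_certs: true
 kind_verify_index_image: quay.io/operatorhubio/catalog_tmp:latest
 kind_verify_index_image_local: localhost:5000/operatorhubio/catalog_tmp:latest
+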

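--- a/ansible/roles/install-kind-cluster/tasks/install_registry.yml
+++ b/ansible/roles/install-kind-cluster/tasks/install_registry.yml
@@ -19,8 +19,31 @@
 - absent
 - directory
 
+- name: "Reset subjectAltName and set 'ikc_subjectAltName_values'"
+ansible.builtin.set_fact:
+ikc_subjectAltName: ""
+ikc_subjectAltName_values:
+- "{{ registry_hostname }}"
+- "localhost"
+- "host.containers.internal"
+- "{{ ansible_default_ipv4.address }}.sslip.io"
+
+- name: "Add IPv6 if exists"
+ansible.builtin.set_fact:
+ikc_subjectAltName_values: "{{ ikc_subjectAltName_values | default([]) + [ansible_default_ipv6.address| replace(':','-')+'.sslip.io'] }}"
+when: ansible_default_ipv6.address is defined and ansible_default_ipv6.address|length >0
+
+- name: "Prepend 'DNS:'"
+ansible.builtin.set_fact:
+ikc_subjectAltName_list: "{{ ikc_subjectAltName_list | default([]) + ['DNS:'+item] }}"
+loop: "{{ ikc_subjectAltName_values }}"
+
+- name: "Join comma separated from 'ikc_subjectAltName_list'"
+ansible.builtin.set_fact:
+ikc_subjectAltName: "{{ ikc_subjectAltName_list | join(',') }}"
+
 - name: "Generate certificate in to '{{ registry_cert_dir }}' for host '{{ registry_hostname }}'"
-ansible.builtin.command: 'openssl req -newkey rsa:4096 -nodes -sha256 -keyout {{ registry_cert_dir }}/domain.key -x509 -days 365 -subj ''/CN=${reg_name}'' -addext "subjectAltName=DNS:{{ registry_hostname }},DNS:localhost,DNS:host.containers.internal" -out {{ registry_cert_dir }}/domain.crt -batch'
+ansible.builtin.command: 'openssl req -newkey rsa:4096 -nodes -sha256 -keyout {{ registry_cert_dir }}/domain.key -x509 -days 365 -subj ''/CN=${reg_name}'' -addext "subjectAltName={{ ikc_subjectAltName }}" -out {{ registry_cert_dir }}/domain.crt -batch'
 failed_when: false
 changed_when: true
 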
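Review bot: `ikc_subjectAltName_list` is never reset. The first task clears `ikc_subjectAltName` and `ikc_subjectAltName_values`, but the "Prepend 'DNS:'" loop appends to whatever `ikc_subjectAltName_list` already holds via `default([])`, so a second run of these tasks for the same host in one play would put duplicate or stale names into the certificate's SAN. Either add `ikc_subjectAltName_list: []` to the first `set_fact`, or drop the loop and build the string in one step with `ikc_subjectAltName: "{{ ikc_subjectAltName_values | map('regex_replace', '^', 'DNS:') | join(',') }}"`. The IPv4 entry is also unguarded, unlike the IPv6 one: `ansible_default_ipv4.address` is presumably undefined on a host with no default IPv4 route, so the first task would fail there. Because the openssl task keeps `failed_when: false`, a SAN string that openssl rejects would go unnoticed, which matters more now that the value is built from host facts. The task list starts and continues outside this hunk.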
