The generate_https_cert playbook bootstraps a CA issuer and uses it to issue certificates for the AIS cluster, stored securely as a Kubernetes secret.
To use this playbook, follow these steps:
- Make sure you have Ansible installed on your system.
- Create or edit your hosts.ini file to specify the controller host where you want to apply this playbook.
- Update the variables to set namespace, DNS, and secret names in vars/https_config.yml.
- Run the playbook using the following command:

$ ansible-playbook -i hosts.ini generate_https_cert.yml

This will execute the playbook and create the self-signed certificate on the specified controller host.
To optionally output the resulting CA certificate to a local file, provide the cacert_file variable:

$ ansible-playbook -i hosts.ini generate_https_cert.yml -e cacert_file=local_ais_ca.crt -e cluster=ais

To fetch the certificate later, you can use the fetch_ca_cert playbook.
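
Once the CA certificate has been written to a local file (local_ais_ca.crt in the command above), it can be checked before it is handed to clients as a trust anchor. The script below is an added example, not part of the playbook or the project. It assumes the openssl CLI is installed and that the file holds a single self-signed PEM CA certificate; check_ca_cert is a hypothetical helper name.

```bash
#!/bin/sh
# Added example (not project code): sanity-check a CA certificate file,
# e.g. the one written by the playbook when cacert_file is set.
# Assumes the openssl CLI and a single self-signed PEM CA certificate.
# check_ca_cert is a hypothetical helper name.
# Usage: check_ca_cert <ca.crt> [min_days_valid]   (default: 30 days)

check_ca_cert() {
    cert="$1"
    min_days="${2:-30}"

    # 1. The file must parse as a PEM X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a PEM X.509 certificate" >&2
        return 2
    fi

    # 2. A certificate used to issue others must be marked CA:TRUE.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: basicConstraints does not contain CA:TRUE" >&2
        return 3
    fi

    # 3. Reject certificates that are expired or expire within min_days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend "$((min_days * 86400))" >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 5
    fi

    # 4. Self-signed check: the certificate must verify against itself.
    if ! openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate is not a valid self-signed root" >&2
        return 4
    fi

    # 5. Print identity and SHA-256 fingerprint for out-of-band comparison.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Run directly: sh check_ca_cert.sh local_ais_ca.crt
if [ "$#" -gt 0 ]; then
    check_ca_cert "$@"
fi
```

Comparing the printed fingerprint with the one computed from the certificate stored in the cluster secret confirms that both copies are the same CA.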