From 9940b5f08dd0ae3fc37ca7ca6b7c468e76c1535a Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 19 Mar 2026 01:46:08 +1100 Subject: [PATCH] fix: change puppet compilers to use HTTP for internal puppetdb connections This resolves SSL certificate verification failures preventing puppetdb access - Update OPENVOXDB_SERVER_URLS from https://puppetdb:8081 to http://puppetdb:8080 - External access to puppetdb will still use HTTPS via ingress - Internal cluster communication does not require encryption --- apps/base/puppet/configmap_puppetserver-compiler-config.yaml | 2 +- apps/base/puppet/configmap_puppetserver-master-config.yaml | 2 +- apps/base/puppet/ingress_puppetdb.yaml | 2 +- apps/base/puppet/statefulset_puppetserver-compiler.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/base/puppet/configmap_puppetserver-compiler-config.yaml b/apps/base/puppet/configmap_puppetserver-compiler-config.yaml index 2f3decd..856a525 100644 --- a/apps/base/puppet/configmap_puppetserver-compiler-config.yaml +++ b/apps/base/puppet/configmap_puppetserver-compiler-config.yaml @@ -12,7 +12,7 @@ metadata: data: OPENVOXSERVER_PORT: "8140" DNS_ALT_NAMES: "puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet,puppet.k8s.syd1.au.unkin.net" - OPENVOXDB_SERVER_URLS: "https://puppetdb:8081" + OPENVOXDB_SERVER_URLS: "http://puppetdb:8080" CA_ENABLED: "false" CA_HOSTNAME: "puppetca" CA_PORT: "8140" diff --git a/apps/base/puppet/configmap_puppetserver-master-config.yaml b/apps/base/puppet/configmap_puppetserver-master-config.yaml index 2bf4ce7..9683f6f 100644 --- a/apps/base/puppet/configmap_puppetserver-master-config.yaml +++ b/apps/base/puppet/configmap_puppetserver-master-config.yaml @@ -13,6 +13,6 @@ data: OPENVOXSERVER_HOSTNAME: "puppet" OPENVOXSERVER_PORT: "8140" DNS_ALT_NAMES: "puppet,puppetserver-agents-to-puppet,puppetca,puppet-headless,puppetca.k8s.syd1.au.unkin.net,puppet.k8s.syd1.au.unkin.net" - OPENVOXDB_SERVER_URLS: "https://puppetdb:8081" + OPENVOXDB_SERVER_URLS: "http://puppetdb:8080" CA_ALLOW_SUBJECT_ALT_NAMES: "true" PUPPETSERVER_JAVA_ARGS: "-Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" diff --git a/apps/base/puppet/ingress_puppetdb.yaml b/apps/base/puppet/ingress_puppetdb.yaml index 8f4793e..55c8679 100644 --- a/apps/base/puppet/ingress_puppetdb.yaml +++ b/apps/base/puppet/ingress_puppetdb.yaml @@ -23,6 +23,6 @@ spec: service: name: puppetdb port: - number: 8081 + number: 8080 path: / pathType: Prefix diff --git a/apps/base/puppet/statefulset_puppetserver-compiler.yaml b/apps/base/puppet/statefulset_puppetserver-compiler.yaml index 38824e6..94bbbf2 100644 --- a/apps/base/puppet/statefulset_puppetserver-compiler.yaml +++ b/apps/base/puppet/statefulset_puppetserver-compiler.yaml @@ -52,7 +52,7 @@ spec: - name: DNS_ALT_NAMES value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net - name: OPENVOXDB_SERVER_URLS - value: https://puppetdb:8081 + value: http://puppetdb:8080 - name: CA_ENABLED value: "false" - name: CA_HOSTNAME