fix: change puppet compilers to use HTTP for internal puppetdb connections
This resolves SSL certificate verification failures preventing puppetdb access - Update OPENVOXDB_SERVER_URLS from https://puppetdb:8081 to http://puppetdb:8080 - External access to puppetdb will still use HTTPS via ingress - Internal cluster communication does not require encryption
This commit is contained in:
@@ -12,7 +12,7 @@ metadata:
|
|||||||
data:
|
data:
|
||||||
OPENVOXSERVER_PORT: "8140"
|
OPENVOXSERVER_PORT: "8140"
|
||||||
DNS_ALT_NAMES: "puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet,puppet.k8s.syd1.au.unkin.net"
|
DNS_ALT_NAMES: "puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet,puppet.k8s.syd1.au.unkin.net"
|
||||||
OPENVOXDB_SERVER_URLS: "https://puppetdb:8081"
|
OPENVOXDB_SERVER_URLS: "http://puppetdb:8080"
|
||||||
CA_ENABLED: "false"
|
CA_ENABLED: "false"
|
||||||
CA_HOSTNAME: "puppetca"
|
CA_HOSTNAME: "puppetca"
|
||||||
CA_PORT: "8140"
|
CA_PORT: "8140"
|
||||||
|
|||||||
@@ -13,6 +13,6 @@ data:
|
|||||||
OPENVOXSERVER_HOSTNAME: "puppet"
|
OPENVOXSERVER_HOSTNAME: "puppet"
|
||||||
OPENVOXSERVER_PORT: "8140"
|
OPENVOXSERVER_PORT: "8140"
|
||||||
DNS_ALT_NAMES: "puppet,puppetserver-agents-to-puppet,puppetca,puppet-headless,puppetca.k8s.syd1.au.unkin.net,puppet.k8s.syd1.au.unkin.net"
|
DNS_ALT_NAMES: "puppet,puppetserver-agents-to-puppet,puppetca,puppet-headless,puppetca.k8s.syd1.au.unkin.net,puppet.k8s.syd1.au.unkin.net"
|
||||||
OPENVOXDB_SERVER_URLS: "https://puppetdb:8081"
|
OPENVOXDB_SERVER_URLS: "http://puppetdb:8080"
|
||||||
CA_ALLOW_SUBJECT_ALT_NAMES: "true"
|
CA_ALLOW_SUBJECT_ALT_NAMES: "true"
|
||||||
PUPPETSERVER_JAVA_ARGS: "-Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
|
PUPPETSERVER_JAVA_ARGS: "-Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
|
||||||
|
|||||||
@@ -23,6 +23,6 @@ spec:
|
|||||||
service:
|
service:
|
||||||
name: puppetdb
|
name: puppetdb
|
||||||
port:
|
port:
|
||||||
number: 8081
|
number: 8080
|
||||||
path: /
|
path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ spec:
|
|||||||
- name: DNS_ALT_NAMES
|
- name: DNS_ALT_NAMES
|
||||||
value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
||||||
- name: OPENVOXDB_SERVER_URLS
|
- name: OPENVOXDB_SERVER_URLS
|
||||||
value: https://puppetdb:8081
|
value: http://puppetdb:8080
|
||||||
- name: CA_ENABLED
|
- name: CA_ENABLED
|
||||||
value: "false"
|
value: "false"
|
||||||
- name: CA_HOSTNAME
|
- name: CA_HOSTNAME
|
||||||
|
|||||||
Reference in New Issue
Block a user