feat: (IAC-480) Change default certificate generator to openssl (#245)

sassoftware · Jul 5, 2022 · cbc46e0 · cbc46e0
1 parent 7e8cbf7
commit cbc46e0
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -179,11 +179,11 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create
 
 ## TLS
 
-Viya 4 supports 2 different types of certificate generators, Cert-manager and openssl. The openssl certificate generator cannot be used in conjunction with the viya4-monitoring-kubernetes stack.
+Viya 4 supports 2 different types of certificate generators, cert-manager and openssl.
 
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
-| V4_CFG_TLS_GENERATOR | Which tool to use for certificate generation | string | cert-manager | false | Supported values: [`cert-manager`,`openssl`]. | viya, cluster-logging, cluster-monitoring |
+| V4_CFG_TLS_GENERATOR | Which tool to use for certificate generation | string | openssl | false | Supported values: [`cert-manager`,`openssl`]. | viya, cluster-logging, cluster-monitoring |
 | V4_CFG_TLS_MODE | Which TLS mode to configure | string | front-door | false | Supported values: [`full-stack`,`front-door`,`disabled.`] When deploying full-stack you must set V4_CFG_TLS_TRUSTED_CA_CERTS to trust external postgres server ca. | all |
 | V4_CFG_TLS_CERT | Path to ingress certificate file | string | | false | If specified, used instead of cert-manager issued certificates | viya |
 | V4_CFG_TLS_KEY | Path to ingress key file | string | | false | Required when V4_CFG_TLS_CERT is specified | viya |
@@ -279,7 +279,7 @@ V4_CFG_POSTGRES_SERVERS:
 
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
-| CERT_MANAGER_ENABLED | Whether to deploy tool | bool | true | false | | baseline |
+| CERT_MANAGER_ENABLED | Whether to deploy cert-manager into the cluster using helm | bool | false | false | Required if V4_CFG_TLS_GENERATOR is set to `cert-manager` and it's not already installed | baseline |
 | CERT_MANAGER_NAMESPACE | cert-manager helm install namespace | string | cert-manager | false | | baseline |
 | CERT_MANAGER_CHART_URL | cert-manager helm chart url | string | https://charts.jetstack.io/ | false | | baseline |
 | CERT_MANAGER_CHART_NAME| cert-manager helm chart name | string | cert-manager| false | | baseline |

diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml
@@ -4,7 +4,7 @@ V4_CFG_INGRESS_TYPE: ingress
 V4_CFG_INGRESS_MODE: public
 
 ## Cert-manager
-CERT_MANAGER_ENABLED: true
+CERT_MANAGER_ENABLED: false
 CERT_MANAGER_NAME: cert-manager
 CERT_MANAGER_NAMESPACE: cert-manager
 CERT_MANAGER_CHART_NAME: cert-manager

diff --git a/roles/vdm/defaults/main.yaml b/roles/vdm/defaults/main.yaml
@@ -36,7 +36,7 @@ V4_CFG_TLS_MODE: "front-door" # other valid values are full-stack, ingress-only,
 V4_CFG_TLS_CERT: null
 V4_CFG_TLS_KEY: null
 V4_CFG_TLS_TRUSTED_CA_CERTS: null
-V4_CFG_TLS_GENERATOR: cert-manager # [cert-manager,openssl]
+V4_CFG_TLS_GENERATOR: openssl # [cert-manager,openssl]
 
 V4_CFG_CONSUL_ENABLE_LOADBALANCER: false
 V4_CFG_EMBEDDED_LDAP_ENABLE: false