r/apache: Use variables for HTTPS cert/key content

Using files for certificates and private keys is less than ideal.
The only way to "share" a certificate between multiple hosts is with
symbolic links, which means the configuration policy has to be prepared
for each managed system.  As we're moving toward a much more dynamic
environment, this becomes problematic; the host-provisioner will never
be able to copy a certificate to a new host that was just created.
Further, I have never really liked the idea of storing certificates and
private keys in Git anyway, even if it is in a submodule with limited
access.
2025-07-09 11:59:17 -05:00
parent f08f147931
commit 906819dd1c
22 changed files with 52 additions and 56 deletions

@@ -0,0 +1,21 @@
apache_ssl_certificate_data: >-
{{
query(
"kubernetes.core.k8s",
kind="Secret",
namespace="default",
resource_name="pyrocufflink-cert"
)[0].data["tls.crt"]
| b64decode
}}
apache_ssl_certificate_key_data: >-
{{
query(
"kubernetes.core.k8s",
kind="Secret",
namespace="default",
resource_name="pyrocufflink-cert"
)[0].data["tls.key"]
| b64decode
}}
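
Review bot: `apache_ssl_certificate_key_data` now holds the base64-decoded private key as an ordinary variable, so every task that consumes it should set `no_log: true` and should not run with diff output enabled, otherwise the key can end up in the play log. Both variables index `[0]` on the `query(...)` result with no guard, so a missing `pyrocufflink-cert` Secret in `default` surfaces as a bare index error. A preceding `assert` with a clear message would make that failure diagnosable. The two lookups are identical apart from the `data` key, so fetching the Secret once into a shared variable and reading `tls.crt` and `tls.key` from it would avoid the duplicate API call. It would also ensure the certificate and key come from the same read of the Secret if it is rotated mid-run.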