Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* vpc updates
* Test files updated to run in VPC environment
* Updates to expected results for failing fvt rest api tests in new VPC environment.
* Change test to check for 400 error returned by version of HAPI dependency referenced by R1

Co-authored-by: Jai D Goradia <[email protected]>
1 parent 9480b65, commit 157a5cd
Showing 24 changed files with 221 additions and 48 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
# ***************************************************************** | ||
# | ||
# Licensed Materials - Property of IBM | ||
# | ||
# (C) Copyright IBM Corp. 2021. All Rights Reserved. | ||
# | ||
# US Government Users Restricted Rights - Use, duplication or | ||
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. | ||
# | ||
# ***************************************************************** | ||
|
||
# key used to generate Certificate Request | ||
resource "tls_private_key" "private_key" { | ||
algorithm = "ECDSA" | ||
ecdsa_curve = "P384" | ||
} | ||
|
||
locals { | ||
dns_names = concat([for service in var.service_names : [service, "${service}.${var.namespace}", "${service}.${var.namespace}.svc"]]...) | ||
} | ||
|
||
# Construct the CSR | ||
resource "tls_cert_request" "cert_request" { | ||
for_each = toset(var.service_names) | ||
|
||
key_algorithm = "ECDSA" | ||
private_key_pem = tls_private_key.private_key.private_key_pem | ||
dns_names = [each.key, "${each.key}.${var.namespace}", "${each.key}.${var.namespace}.svc"] | ||
|
||
subject { | ||
common_name = each.key | ||
organization = var.organization | ||
} | ||
} | ||
|
||
# Issue the certificate signing request | ||
resource "kubernetes_certificate_signing_request" "csr" { | ||
for_each = toset(var.service_names) | ||
|
||
metadata { | ||
generate_name = "${each.key}-csr" | ||
} | ||
|
||
spec { | ||
usages = ["client auth", "server auth"] | ||
request = tls_cert_request.cert_request[each.key].cert_request_pem | ||
} | ||
auto_approve = true | ||
} | ||
|
||
data "kubernetes_namespace" "namespace" { | ||
metadata { | ||
name = var.namespace | ||
} | ||
} | ||
|
||
# Get the signed certificate from the request and save it in the secret | ||
resource "kubernetes_secret" "secret" { | ||
for_each = toset(var.service_names) | ||
|
||
metadata { | ||
name = "${each.key}-tls" | ||
namespace = data.kubernetes_namespace.namespace.metadata[0].name | ||
} | ||
data = { | ||
"tls.crt" = kubernetes_certificate_signing_request.csr[each.key].certificate | ||
"tls.key" = tls_private_key.private_key.private_key_pem | ||
} | ||
type = "kubernetes.io/tls" | ||
} |
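Review bot: a single `tls_private_key.private_key` is generated for the whole module, and both `tls_cert_request.cert_request` and the `"tls.key"` entry of every `kubernetes_secret.secret` reference it, so all services in `var.service_names` share one ECDSA private key; a leak of any one `<service>-tls` secret exposes the key behind every certificate. Give `tls_private_key` the same `for_each = toset(var.service_names)` and reference `tls_private_key.private_key[each.key].private_key_pem` in the CSR and the secret. Two smaller points: `local.dns_names` is computed but never used in this file (each CSR builds its own `dns_names` list), so drop it or use it; and `auto_approve = true` together with `usages = ["client auth", "server auth"]` approves a dual-use certificate without review, so request only the usage each service needs. The key is also kept in Terraform state in plain text by `tls_private_key`, so the state backend has to be handled as secret material.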
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# ***************************************************************** | ||
# | ||
# Licensed Materials - Property of IBM | ||
# | ||
# (C) Copyright IBM Corp. 2021. All Rights Reserved. | ||
# | ||
# US Government Users Restricted Rights - Use, duplication or | ||
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. | ||
# | ||
# ***************************************************************** | ||
output "certificates" { | ||
description = "The public certificates for each service." | ||
value = { for key, value in kubernetes_certificate_signing_request.csr : (key) => value.certificate } | ||
} |
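Review bot: in the `value` expression the parentheses around `(key)` are redundant, since `key` is already a plain iterator reference; `key => value.certificate` reads more cleanly, and naming the iterators `service, csr` would say what the map holds. The `description` could also state that the map is keyed by service name.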
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# ***************************************************************** | ||
# | ||
# Licensed Materials - Property of IBM | ||
# | ||
# (C) Copyright IBM Corp. 2021. All Rights Reserved. | ||
# | ||
# US Government Users Restricted Rights - Use, duplication or | ||
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. | ||
# | ||
# ***************************************************************** | ||
variable "namespace" { | ||
description = "Kubernetes namespace to deploy to." | ||
type = string | ||
} | ||
|
||
variable "service_names" { | ||
description = "List of services names (DNS names) include as ALT names in generated TLS certificate." | ||
type = list(string) | ||
} | ||
|
||
variable "organization" { | ||
description = "Organization name (OU) for TLS certificate" | ||
type = string | ||
} | ||
|
||
variable "resource_group" { | ||
description = "Resource group" | ||
type = string | ||
} | ||
|
||
variable "kubernetes_config_context" { | ||
description = "k8s cluster config context used by the k8s terraform provider" | ||
type = string | ||
} |
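Review bot: the `organization` description says "Organization name (OU)", but the value is assigned to the `organization` attribute of the CSR `subject` block, which is the O field rather than the organizational unit; correct the description, or set `organizational_unit` if OU is what is wanted. `resource_group` is declared but not referenced by any resource in the files shown, so remove it or document what consumes it. The `service_names` description has a grammar slip ("List of services names (DNS names) include as ALT names"), and the variable has no `validation` block, so an empty list or a name that is not a valid DNS label is not rejected at plan time.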
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# ***************************************************************** | ||
# | ||
# Licensed Materials - Property of IBM | ||
# | ||
# (C) Copyright IBM Corp. 2021. All Rights Reserved. | ||
# | ||
# US Government Users Restricted Rights - Use, duplication or | ||
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. | ||
# | ||
# ***************************************************************** | ||
|
||
terraform { | ||
required_version = "0.13.6" | ||
required_providers { | ||
ibm = { | ||
source = "ibm-cloud/ibm" | ||
version = "~> 1.21.1" | ||
} | ||
} | ||
} | ||
|
||
provider "ibm" { | ||
} | ||
|
||
provider "kubernetes" { | ||
config_path = "~/.kube/config" | ||
config_context = var.kubernetes_config_context | ||
} |
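Review bot: `required_providers` pins only `ibm`, while the module's resources come from the `tls` and `kubernetes` providers (`tls_private_key`, `tls_cert_request`, `kubernetes_certificate_signing_request`, `kubernetes_secret`), so those two are resolved without a `source` or `version` constraint and can change between `terraform init` runs. Add `tls` and `kubernetes` entries with a `source` and a `version` constraint. The empty `provider "ibm" {}` block has no matching `ibm_*` resource in the files shown; drop it if it is unused. `config_path = "~/.kube/config"` is hard-coded, which ties the module to the operator's home directory; consider making it a variable next to `kubernetes_config_context`.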