main.tf
# Namespace that will host cert-manager. It is only created when
# var.create_namespace is true; otherwise the caller is expected to supply
# an existing namespace through var.namespace_name and this resource has
# zero instances.
resource "kubernetes_namespace" "cert_manager" {
  count = var.create_namespace ? 1 : 0

  metadata {
    name = var.namespace_name

    # The namespace name is mirrored into a "name" annotation, as in the
    # original definition.
    annotations = {
      name = var.namespace_name
    }
  }
}
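# Installs cert-manager from the upstream Jetstack chart into the namespace
# selected above. Namespace creation is handled by kubernetes_namespace (or
# by the caller), so the chart itself is told not to create one.
resource "helm_release" "cert_manager" {
  name       = "cert-manager"
  chart      = "cert-manager"
  repository = "https://charts.jetstack.io"

  # Passed through unchanged. If the caller leaves var.chart_version null the
  # Helm provider installs the latest chart version, so the deployed version
  # can drift between runs; pinning it in the caller keeps installs
  # reproducible and reviewable.
  version = var.chart_version

  # When this module created the namespace, reference the resource so the
  # release is ordered after it; otherwise use the caller-supplied name.
  namespace        = var.create_namespace ? kubernetes_namespace.cert_manager[0].id : var.namespace_name
  create_namespace = false

  # The chart installs its own CRDs so that the ClusterIssuer / Certificate
  # manifests declared later in this file have something to bind to.
  set {
    name  = "installCRDs"
    value = "true"
  }

  # Caller-supplied chart values. Each element must carry name and value;
  # type is optional and resolved with try() to match how optional fields
  # are read elsewhere in this file. Values set this way are recorded in
  # plain text in the Terraform state, so anything secret should be passed
  # through a set_sensitive block rather than var.additional_set.
  dynamic "set" {
    for_each = var.additional_set
    content {
      name  = set.value.name
      value = set.value.value
      type  = try(set.value.type, null)
    }
  }
}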
# Fixed delay inserted after the Helm release, presumably to give the
# cert-manager components time to come up before the CRD-backed manifests
# below are applied. The 60s duration is hard-coded here.
resource "time_sleep" "wait" {
  depends_on = [helm_release.cert_manager]

  create_duration = "60s"
}
# Optional ClusterIssuer. A caller-supplied YAML document takes precedence;
# when none is given, local.cluster_issuer (defined elsewhere in the module)
# is rendered instead. Schema validation is switched off, presumably because
# the cert-manager CRDs are only installed by the Helm release above and are
# not known at plan time; as a consequence a malformed or unexpected document
# is only rejected by the API server at apply time, so var.cluster_issuer_yaml
# should be reviewed like any other cluster-scoped input.
resource "kubectl_manifest" "cluster_issuer" {
  count = var.cluster_issuer_create ? 1 : 0

  depends_on = [
    kubernetes_namespace.cert_manager,
    helm_release.cert_manager,
    time_sleep.wait,
  ]

  validate_schema = false
  yaml_body       = var.cluster_issuer_yaml != null ? var.cluster_issuer_yaml : yamlencode(local.cluster_issuer)
}
# One _certificate module instance per entry in var.certificates, keyed by
# the map key. Every field except dns_names is optional and falls back to the
# default shown on its line; the defaults are the ones the original file used.
module "certificates" {
  source   = "./modules/_certificate"
  for_each = { for k, v in var.certificates : k => v }

  # Identity and placement.
  name        = each.key
  namespace   = try(each.value.namespace, var.namespace_name)
  annotations = try(each.value.annotations, {})

  # Target secret. Defaults to "<key>-tls".
  secret_name        = try(each.value.secret_name, "${each.key}-tls")
  secret_annotations = try(each.value.secret_annotations, {})
  secret_labels      = try(each.value.secret_labels, {})

  # Lifetime: 90 days, renewed 15 days before expiry by default.
  duration     = try(each.value.duration, "2160h")
  renew_before = try(each.value.renew_before, "360h")

  # Subject and key material. RSA/PKCS1/2048 is the default; callers wanting
  # a different algorithm or a larger key set it per certificate.
  organizations         = try(each.value.organizations, [])
  is_ca                 = try(each.value.is_ca, false)
  private_key_algorithm = try(each.value.private_key_algorithm, "RSA")
  private_key_encoding  = try(each.value.private_key_encoding, "PKCS1")
  private_key_size      = try(each.value.private_key_size, 2048)
  usages                = try(each.value.usages, ["server auth", "client auth"])

  # SANs. dns_names is the only required field.
  dns_names    = each.value.dns_names
  uris         = try(each.value.uris, [])
  ip_addresses = try(each.value.ip_addresses, [])

  # Issuer reference; defaults to the ClusterIssuer managed by this module.
  issuer_name  = try(each.value.issuer_name, var.cluster_issuer_name)
  issuer_kind  = try(each.value.issuer_kind, "ClusterIssuer")
  issuer_group = try(each.value.issuer_group, "")
}
# Applies the Certificate manifest rendered by each certificates module
# instance (exposed as its "map" output). Schema validation is off here for
# the same reason as the ClusterIssuer manifest, so errors in a rendered
# document surface only at apply time. Ordered after the ClusterIssuer so
# the issuer exists before certificates reference it.
resource "kubectl_manifest" "certificates" {
  for_each = { for k, cc in module.certificates : k => cc }

  depends_on = [kubectl_manifest.cluster_issuer]

  validate_schema = false
  yaml_body       = yamlencode(each.value.map)
}