Simplifies the deployment and management of Jetstack's cert-manager on a Kubernetes cluster.
- Add support for the latest version of Cert Manager.
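Reconfigure the module to point to the new module in the public Terraform Registry:

```hcl
# The module label must match the module.cert_manager addresses used in the
# import commands of the migration steps.
module "cert_manager" {
  source  = "project-octal/cert-manager/kubernetes"
  version = "1.0.0"
  # ...
}
```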
Import the Kubernetes resources into the state and purge the old references to the resources:
```shell
###################
## Admission Registration
###################
# Import the mutating webhook configuration
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.mutating_webhook_configuration' \
  "apiVersion=admissionregistration.k8s.io/v1beta1,kind=MutatingWebhookConfiguration,name=cert-manager-webhook"
# Import the validating webhook configuration
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.validating_webhook_configuration' \
  "apiVersion=admissionregistration.k8s.io/v1beta1,kind=ValidatingWebhookConfiguration,name=cert-manager-webhook"

###################
## Custom Resource Definitions
###################
# Import the certificaterequests.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificaterequests' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificaterequests.cert-manager.io"
# Import the certificates.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificates' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificates.cert-manager.io"
# Import the challenges.acme.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.challenges' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=challenges.acme.cert-manager.io"
# Import the clusterissuers.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.clusterissuers' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=clusterissuers.cert-manager.io"
# Import the issuers.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.issuers' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=issuers.cert-manager.io"
# Import the orders.acme.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.orders' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=orders.acme.cert-manager.io"

###################
## Let's Encrypt Issuer
###################
# Import the letsencrypt-prod ClusterIssuer
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].kubernetes_manifest.letsencrypt_issuer' \
  "apiVersion=cert-manager.io/v1,kind=ClusterIssuer,name=letsencrypt-prod"

# Delete the old cert-manager resource references (k8s_manifest) from the state file
terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.mutating_webhook_configuration'
terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.validating_webhook_configuration'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificaterequests'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificates'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.challenges'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.clusterissuers'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.issuers'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.orders'
terraform state rm 'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].k8s_manifest.letsencrypt_issuer'

# Lastly, run a Terraform apply to make sure the states are synced up.
terraform apply -var-file secrets.tfvars
```
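
A check to run between the `terraform state rm` step and the final `terraform apply`, as an added example that is not part of this module: it reads `terraform state list` output and reports any legacy `k8s_manifest` address still tracked and any of the nine imported `kubernetes_manifest` addresses that is absent. The function names, the `ROOT` variable and the sample state are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit `terraform state list` output after the migration.
ROOT=${ROOT:-module.cert_manager}   # module label used by the import commands

# Addresses the imports should have created (the same nine as the import commands).
expected_addresses() {
  for hook in mutating validating; do
    echo "$ROOT.module.cert_manager_webhook.kubernetes_manifest.${hook}_webhook_configuration"
  done
  for crd in certificaterequests certificates challenges clusterissuers issuers orders; do
    echo "$ROOT.module.custom_resource_definitions.kubernetes_manifest.$crd"
  done
  echo "$ROOT.module.cert_manager_issuers.module.letsencrypt_issuer[0].kubernetes_manifest.letsencrypt_issuer"
}

# Reads a state listing on stdin. Prints "LEGACY <addr>" for each k8s_manifest
# address still tracked and "MISSING <addr>" for each expected address that is
# absent. Returns 0 only when there is nothing to report.
audit_state() {
  state=$(cat)
  report=$(
    printf '%s\n' "$state" | sed -n '/\.k8s_manifest\./s/^/LEGACY /p'
    expected_addresses | while IFS= read -r addr; do
      printf '%s\n' "$state" | grep -qxF "$addr" || echo "MISSING $addr"
    done
  )
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# Constructed sample: a half-finished migration (issuers CRD not yet imported,
# legacy orders reference not yet removed).
sample_partial_state() {
  expected_addresses | grep -v 'kubernetes_manifest\.issuers$'
  echo "$ROOT.module.custom_resource_definitions.k8s_manifest.orders"
  echo "$ROOT.kubernetes_namespace.namespace"
}

# Real use: terraform state list | audit_state && terraform apply -var-file=secrets.tfvars
if [ "${1:-}" = "--demo" ]; then
  sample_partial_state | audit_state
fi
```
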
```hcl
module "cert_manager" {
  source = "github.com/project-octal/terraform-kubernetes-cert-manager"

  certificate_issuers = {
    letsencrypt = {
      name              = "letsencrypt-prod"
      server            = "https://acme-v02.api.letsencrypt.org/directory"
      email             = "admin@example.com" # placeholder: ACME account contact address
      secret_base64_key = var.letsencrypt_secret_base64_key
      default_issuer    = true
      ingress_class     = module.traefik.ingress_class
    }
  }
}
```
Name | Version |
---|---|
terraform | >= 0.14.8, < 2.0.0 |

Name | Version |
---|---|
kubernetes | 2.8.0 |
random | 3.1.3 |

Name | Source | Version |
---|---|---|
cert_manager | ./cert-manager | n/a |
cert_manager_cainjector | ./cert-manager-cainjector | n/a |
cert_manager_issuers | ./cert-manager-issuers | n/a |
cert_manager_webhook | ./cert-manager-webhook | n/a |
custom_resource_definitions | ./custom-resource-definitions | n/a |

Name | Type |
---|---|
kubernetes_namespace.namespace | resource |
random_pet.instance_name | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cainjector_image_name | n/a | string | "jetstack/cert-manager-cainjector" | no |
cainjector_image_tag | n/a | string | "v1.8.1" | no |
certificate_issuers | An object that contains the configuration for all the enabled certificate issuers. | object({ | { | no |
image_pull_policy | Determines when the image should be pulled prior to starting the container. Always: always pull the image; IfNotPresent: only pull the image if it does not already exist on the node; Never: never pull the image. | string | "Always" | no |
image_repository | The image repository to use when pulling images | string | null | no |
labels | (optional) A map that consists of any additional labels that should be included with resources created by this module. | map(string) | {} | no |
manager_image_name | n/a | string | "jetstack/cert-manager-controller" | no |
manager_image_tag | n/a | string | "v1.8.1" | no |
namespace | The namespace that Cert-Manager will reside in. | string | "cert-manager" | no |
namespace_annotations | Additional namespace annotations. | map(string) | {} | no |
webhook_image_name | n/a | string | "jetstack/cert-manager-webhook" | no |
webhook_image_tag | n/a | string | "v1.8.1" | no |

Name | Description |
---|---|
cert_issuer | n/a |