Simplifies the deployment and management of Jetstack's cert-manager on a Kubernetes cluster.
Add support for the latest version of Cert Manager.
v0.0.4 to v1.0.0 Upgrade Notes
Reconfigure the module to point to the new module in the public Terraform Registry:
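# Upgrade step 1: switch the module source to the public Terraform Registry
# release.
#
# NOTE(review): the import / state commands in these upgrade notes address the
# module as `module.cert_manager`. The label used here must be the one your
# configuration actually uses, and the addresses in those commands must match it.
module "cert-manager" {
  # Registry address in <namespace>/<name>/<provider> form. The stray leading
  # space inside the quotes has been removed.
  source = "project-octal/cert-manager/kubernetes"

  # Exact version pin, so a later `terraform init -upgrade` cannot silently pull
  # a different release of the module.
  version = "1.0.0"

  # ...
}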
Import the Kubernetes resources into the state under their new addresses, then purge the old references to those resources.
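# Moves the cert-manager objects from the old `k8s_manifest` resource addresses
# to the new `kubernetes_manifest` addresses in the Terraform state.
#
# Before running:
#   * Take a copy of the current state. `terraform import` and
#     `terraform state rm` write to the state immediately and have no undo.
#     Treat that copy like the state itself, because it can contain the issuer
#     secret passed to the module.
#   * Keep secrets.tfvars out of version control and readable only by the
#     operator running these commands.
#   * Run the commands one at a time and stop at the first failure. If an import
#     fails but the matching `state rm` still runs, the object is left unmanaged
#     and the final apply will try to create it again.

###################
# Admission Registration
###################
# NOTE(review): admissionregistration.k8s.io/v1beta1 was removed in
# Kubernetes 1.22. Confirm which apiVersion the webhook configurations on your
# cluster use before importing.

# Import the mutating webhook configuration
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.mutating_webhook_configuration' \
  "apiVersion=admissionregistration.k8s.io/v1beta1,kind=MutatingWebhookConfiguration,name=cert-manager-webhook"

# Import the validating webhook configuration
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.validating_webhook_configuration' \
  "apiVersion=admissionregistration.k8s.io/v1beta1,kind=ValidatingWebhookConfiguration,name=cert-manager-webhook"

###################
# Custom Resource Definitions
###################
# Import the certificaterequests.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificaterequests' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificaterequests.cert-manager.io"

# Import the certificates.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificates' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificates.cert-manager.io"

# Import the challenges.acme.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.challenges' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=challenges.acme.cert-manager.io"

# Import the clusterissuers.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.clusterissuers' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=clusterissuers.cert-manager.io"

# Import the issuers.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.issuers' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=issuers.cert-manager.io"

# Import the orders.acme.cert-manager.io CRD
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.orders' \
  "apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=orders.acme.cert-manager.io"

###################
# Lets Encrypt Issuer
###################
terraform import -var-file=secrets.tfvars \
  'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].kubernetes_manifest.letsencrypt_issuer' \
  "apiVersion=cert-manager.io/v1,kind=ClusterIssuer,name=letsencrypt-prod"

# Delete the old Cert-Manager references from the statefile.
# `terraform state rm` only forgets the resource. It does not delete the object
# from the cluster, so the webhooks, CRDs and issuer stay in place.
terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.mutating_webhook_configuration'
terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.validating_webhook_configuration'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificaterequests'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificates'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.challenges'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.clusterissuers'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.issuers'
terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.orders'
terraform state rm 'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].k8s_manifest.letsencrypt_issuer'

# Lastly, run a Terraform apply to make sure the states are synced up.
# Read the plan before confirming. It should not destroy or replace any
# CustomResourceDefinition, because deleting a CRD also deletes every object of
# that kind (Certificates, Issuers, Orders, ...) in the cluster.
terraform apply -var-file secrets.tfvars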
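# Example usage: deploy cert-manager with a single Let's Encrypt ClusterIssuer.
module "cert_manager" {
  # NOTE(review): this Git source has no `?ref=`, so every `terraform init`
  # follows the repository's default branch. Pin it to a reviewed tag or commit
  # (`?ref=<TAG_OR_COMMIT_SHA>`), or use the registry source with a `version`
  # constraint, so the code applied to the cluster cannot change unnoticed.
  source = "github.com/project-octal/terraform-kubernetes-cert-manager"

  certificate_issuers = {
    letsencrypt = {
      name   = "letsencrypt-prod"
      server = "https://acme-v02.api.letsencrypt.org/directory"

      # Placeholder address. The page's e-mail obfuscation replaced the original
      # value; use the contact address for your ACME account.
      email = "admin@example.com"

      # Presumably the ACME account key material (TODO confirm against the
      # module). Declare the variable with `sensitive = true` and supply it from
      # a secret store or an untracked tfvars file. The value is still written
      # to the Terraform state, so the state backend needs the same protection.
      secret_base64_key = var.letsencrypt_secret_base64_key

      default_issuer = true
      ingress_class  = module.traefik.ingress_class
    }
  }
}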
Name
Description
Type
Default
Required
cainjector_image_name
n/a
string
"jetstack/cert-manager-cainjector"
no
cainjector_image_tag
n/a
string
"v1.8.1"
no
certificate_issuers
An object that contains the configuration for all the enabled certificate issuers.
object({ letsencrypt = object({ name : string, server : string, email : string, secret_base64_key : string, default_issuer : bool, ingress_class : string }) # TODO: Add support for another one so this doesnt look so silly })
{ "letsencrypt": null }
no
image_pull_policy
Determines when the image should be pulled prior to starting the container. `Always`: Always pull the image. | `IfNotPresent`: Only pull the image if it does not already exist on the node. | `Never`: Never pull the image.
string
"Always"
no
image_repository
The image repository to use when pulling images
string
null
no
labels
(optional) A map that consists of any additional labels that should be included with resources created by this module.
map(string)
{}
no
manager_image_name
n/a
string
"jetstack/cert-manager-controller"
no
manager_image_tag
n/a
string
"v1.8.1"
no
namespace
The namespace that Cert-Manager will reside in.
string
"cert-manager"
no
namespace_annotations
Additional namespace annotations.
map(string)
{}
no
webhook_image_name
n/a
string
"jetstack/cert-manager-webhook"
no
webhook_image_tag
n/a
string
"v1.8.1"
no