Merge pull request #1 from project-octal/feature/kubernetes_manifest

Feature/kubernetes manifest

README.md

@@ -4,10 +4,94 @@
 Simplifies the deployment and management of Jetstacks cert-manager on a Kubernetes cluster.
 
 ### TODO:
-- Update the Terraform version to 1.0+
-- Deprecate the `k8s` provider in favor of the `kubernetes_manifest` resource in the `kubernetes` provider.
 - Add support for the latest version of Cert Manager. 
 
+---
+
+## v0.0.4 to v1.0.0 Upgrade Notes
+Reconfigure the module to point to the new module in the Terraform public repository
+```hcl
+module "cert-manager" {
+  source  = "project-octal/cert-manager/kubernetes"
+  version = "1.0.0"
+  # ...
+}
+```
+
+Migrate import the Kubernetes resources into the state and purge the old references to the resources.
+```shell
+
+###################
+## Admission Registration
+###################
+
+# Import the mutating webhook configuration
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.mutating_webhook_configuration' \
+"apiVersion=admissionregistration.k8s.io/v1beta1,kind=MutatingWebhookConfiguration,name=cert-manager-webhook"
+
+# Import the validating webhook configuration
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.cert_manager_webhook.kubernetes_manifest.validating_webhook_configuration' \
+"apiVersion=admissionregistration.k8s.io/v1beta1,kind=ValidatingWebhookConfiguration,name=cert-manager-webhook"
+
+###################
+## Custom Resource Definitions
+###################
+
+# Import the certificaterequests.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificaterequests' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificaterequests.cert-manager.io"
+
+# Import the certificates.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.certificates' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=certificates.cert-manager.io"
+
+# Import the challenges.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.challenges' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=challenges.acme.cert-manager.io"
+
+# Import the clusterissuers.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.clusterissuers' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=clusterissuers.cert-manager.io"
+
+# Import the issuers.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.issuers' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=issuers.cert-manager.io"
+
+# Import the orders.cert-manager.io CRD
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.custom_resource_definitions.kubernetes_manifest.orders' \
+"apiVersion=apiextensions.k8s.io/v1,kind=CustomResourceDefinition,name=orders.acme.cert-manager.io"
+
+###################
+## Lets Encrypt Issuer
+###################
+terraform import -var-file=secrets.tfvars \
+'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].kubernetes_manifest.letsencrypt_issuer' \
+"apiVersion=cert-manager.io/v1,kind=ClusterIssuer,name=letsencrypt-prod"
+
+# Delete the old Cert-Manager CRD references from the statefile
+terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.mutating_webhook_configuration'
+terraform state rm 'module.cert_manager.module.cert_manager_webhook.k8s_manifest.validating_webhook_configuration'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificaterequests'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.certificates'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.challenges'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.clusterissuers'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.issuers'
+terraform state rm 'module.cert_manager.module.custom_resource_definitions.k8s_manifest.orders'
+terraform state rm 'module.cert_manager.module.cert_manager_issuers.module.letsencrypt_issuer[0].k8s_manifest.letsencrypt_issuer'
+
+# Lastly, run a Terraform apply to make sure the states are synced up.
+terraform apply -var-file secrets.tfvars
+```
+---
+
 ### Example
 ```hcl-terraform
 module "cert_manager" {
@@ -31,15 +115,15 @@ module "cert_manager" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_k8s"></a> [k8s](#requirement\_k8s) | 0.8.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.8, < 2.0.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | ~> 2.6.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.6.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
 
 ## Modules
 

cert-manager-cainjector/versions.tf

@@ -1,12 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
     kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-    k8s = {
-      version = ">= 0.8.0"
-      source  = "banzaicloud/k8s"
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.6.1"
     }
   }
 }

cert-manager-issuers/letsencrypt/main.tf

@@ -28,12 +28,8 @@ resource "kubernetes_secret" "letsencrypt_issuer_secret" {
   }
 }
 
-resource "k8s_manifest" "letsencrypt_issuer" {
-  content = yamlencode(local.letsencrypt_issuer)
-}
-
-locals {
-  letsencrypt_issuer = {
+resource "kubernetes_manifest" "letsencrypt_issuer" {
+  manifest = {
     apiVersion = "cert-manager.io/v1"
     kind       = "ClusterIssuer"
     metadata = {

cert-manager-issuers/letsencrypt/versions.tf

@@ -1,12 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
     kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-    k8s = {
-      source  = "banzaicloud/k8s"
-      version = "0.8.0"
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.6.1"
     }
   }
 }

cert-manager-webhook/mutating-webhook-configuration.tf

@@ -1,9 +1,5 @@
-resource "k8s_manifest" "mutating_webhook_configuration" {
-  content = yamlencode(local.mutating_webhook_configuration)
-}
-
-locals {
-  mutating_webhook_configuration = {
+resource "kubernetes_manifest" "mutating_webhook_configuration" {
+  manifest = {
     "apiVersion" = "admissionregistration.k8s.io/v1beta1"
     "kind"       = "MutatingWebhookConfiguration"
     "metadata" = {

cert-manager-webhook/validating-webhook-configuration.tf

@@ -1,9 +1,5 @@
-resource "k8s_manifest" "validating_webhook_configuration" {
-  content = yamlencode(local.validating_webhook_configuration)
-}
-
-locals {
-  validating_webhook_configuration = {
+resource "kubernetes_manifest" "validating_webhook_configuration" {
+  manifest = {
     "apiVersion" = "admissionregistration.k8s.io/v1beta1"
     "kind"       = "ValidatingWebhookConfiguration"
     "metadata" = {

cert-manager-webhook/versions.tf

@@ -1,12 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
     kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-    k8s = {
-      version = ">= 0.8.0"
-      source  = "banzaicloud/k8s"
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.6.1"
     }
   }
 }

cert-manager/versions.tf

@@ -1,12 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
     kubernetes = {
-      source = "hashicorp/kubernetes"
-    }
-    k8s = {
-      version = ">= 0.8.0"
-      source  = "banzaicloud/k8s"
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.6.1"
     }
   }
 }

custom-resource-definitions/certificaterequests.cert-manager.io.yml

@@ -796,9 +796,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/certificates.cert-manager.io.yml

@@ -1664,9 +1664,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/challenges.acme.cert-manager.io.yml

@@ -6016,9 +6016,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/clusterissuers.cert-manager.io.yml

@@ -7920,9 +7920,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/custom-resource-definitions.tf

@@ -1,18 +1,18 @@
-resource "k8s_manifest" "certificaterequests" {
-  content = templatefile("${path.module}/certificaterequests.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "certificaterequests" {
+  manifest = yamldecode(templatefile("${path.module}/certificaterequests.cert-manager.io.yml", {}))
 }
-resource "k8s_manifest" "certificates" {
-  content = templatefile("${path.module}/certificates.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "certificates" {
+  manifest = yamldecode(templatefile("${path.module}/certificates.cert-manager.io.yml", {}))
 }
-resource "k8s_manifest" "challenges" {
-  content = templatefile("${path.module}/challenges.acme.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "challenges" {
+  manifest = yamldecode(templatefile("${path.module}/challenges.acme.cert-manager.io.yml", {}))
 }
-resource "k8s_manifest" "clusterissuers" {
-  content = templatefile("${path.module}/clusterissuers.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "clusterissuers" {
+  manifest = yamldecode(templatefile("${path.module}/clusterissuers.cert-manager.io.yml", {}))
 }
-resource "k8s_manifest" "issuers" {
-  content = templatefile("${path.module}/issuers.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "issuers" {
+  manifest = yamldecode(templatefile("${path.module}/issuers.cert-manager.io.yml", {}))
 }
-resource "k8s_manifest" "orders" {
-  content = templatefile("${path.module}/orders.acme.cert-manager.io.yml", {})
+resource "kubernetes_manifest" "orders" {
+  manifest = yamldecode(templatefile("${path.module}/orders.acme.cert-manager.io.yml", {}))
 }

custom-resource-definitions/issuers.cert-manager.io.yml

@@ -7916,9 +7916,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/orders.acme.cert-manager.io.yml

@@ -862,9 +862,3 @@ spec:
       storage: true
       subresources:
         status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

custom-resource-definitions/versions.tf

@@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
-    k8s = {
-      version = ">= 0.8.0"
-      source  = "banzaicloud/k8s"
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.6.1"
     }
   }
 }

versions.tf

@@ -1,14 +1,10 @@
 terraform {
-  required_version = ">= 0.14, < 2.0.0"
+  required_version = ">= 0.14.8, < 2.0.0"
   required_providers {
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = "~> 2.6.1"
     }
-    k8s = {
-      source  = "banzaicloud/k8s"
-      version = "0.8.0"
-    }
     random = {
       source = "hashicorp/random"
     }