StatCan/terraform-kubernetes-cert-manager-issuer

Terraform Kubernetes Cert Manager Issuer

Introduction

A Terraform module for deploying an Issuer or ClusterIssuer custom resource (CR), based on the clusterissuers.cert-manager.io or issuers.cert-manager.io CRDs, to a Kubernetes cluster.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| helm | >= 2.0.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acme_dns01_azuredns_hosted_zone_name | The DNS zone to use for the azureDNS solver. | string | n/a | yes |
| acme_dns01_azuredns_resource_group_name | The Azure resource group which contains azureDNS. | string | n/a | yes |
| acme_dns01_azuredns_subscription_id | The Azure subscription ID where azureDNS is located. Required for the DNS challenge solver. | string | n/a | yes |
| acme_email | The email associated with the ACME issuer account. This will be used as a primary point of contact for certificate expiry and issues related to the ACME account. | string | n/a | yes |
| acme_http01_ingress_class | The name of the ingress class to use in association with the generated ClusterIssuer. Challenge solver configurations can be configured for the ingress controller. | string | n/a | yes |
| name | The name of the issuer release and, by default, the resulting ClusterIssuer name. | string | n/a | yes |
| namespace | The namespace where the resources should be deployed. | string | n/a | yes |
| acme_http01_ingress_service_type | Defines what type of Service should be created. | string | "NodePort" | no |
| acme_server | A URL pointing to an ACME server to use for certificate generation/signing. Provided host MUST adhere to the ACME spec. | string | "https://acme-staging-v02.api.letsencrypt.org/directory" | no |

Usage

module "helm_cert_manager_issuer" {
  source = "git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-cert-manager-issuer.git?ref=v1.2.0"

  name      = "cert-manager-issuer"
  namespace = "cert-manager-system"

  acme_dns01_azuredns_hosted_zone_name    = var.acme_dns01_azuredns_hosted_zone_name
  acme_dns01_azuredns_resource_group_name = var.acme_dns01_azuredns_resource_group_name
  acme_dns01_azuredns_subscription_id     = var.acme_dns01_azuredns_subscription_id

  acme_email                = var.acme_email
  acme_http01_ingress_class = var.acme_http01_ingress_class
}
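
The default `acme_server` in the Inputs table is the Let's Encrypt staging directory, whose certificates are not trusted by clients, so the usage above yields test certificates only. The following added example (not part of the module's repository) overrides it with the Let's Encrypt production directory and validates the root-module variables before they reach the module; the module label, release name and validation patterns are assumptions.

```hcl
# Added example (not from the module repository). Root-module variables mirror
# the module inputs; the "_prod" names and the regex patterns are assumptions.
variable "acme_dns01_azuredns_hosted_zone_name" { type = string }
variable "acme_dns01_azuredns_resource_group_name" { type = string }
variable "acme_http01_ingress_class" { type = string }

variable "acme_dns01_azuredns_subscription_id" {
  type = string
  validation {
    # Azure subscription IDs are GUIDs; reject anything else at plan time.
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.acme_dns01_azuredns_subscription_id))
    error_message = "The subscription ID must be a GUID."
  }
}

variable "acme_email" {
  type = string
  validation {
    # Expiry notices go to this address, so catch obvious typos early.
    condition     = can(regex("^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$", var.acme_email))
    error_message = "The acme_email value must be a valid e-mail address."
  }
}

variable "acme_server" {
  type = string
  # Let's Encrypt production directory; the module's own default is staging.
  default = "https://acme-v02.api.letsencrypt.org/directory"
  validation {
    # The ACME account key and orders must never travel over plain HTTP.
    condition     = can(regex("^https://", var.acme_server))
    error_message = "The acme_server value must be an https:// ACME directory URL."
  }
}

module "helm_cert_manager_issuer_prod" {
  source = "git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-cert-manager-issuer.git?ref=v1.2.0"

  name      = "cert-manager-issuer-prod"
  namespace = "cert-manager-system"

  acme_dns01_azuredns_hosted_zone_name    = var.acme_dns01_azuredns_hosted_zone_name
  acme_dns01_azuredns_resource_group_name = var.acme_dns01_azuredns_resource_group_name
  acme_dns01_azuredns_subscription_id     = var.acme_dns01_azuredns_subscription_id

  acme_email                = var.acme_email
  acme_http01_ingress_class = var.acme_http01_ingress_class
  acme_server               = var.acme_server
}
```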

Outputs

| Name | Description |
|------|-------------|
| namespace | The namespace in which the identity resides. |