base-infra/k8s/main.tf
Felix Nehrke 1b32fb309c Add cert-manager and let's encrypt to the k8s-cluster
This change contains a new module which will be applied after the
kubernetes-cluster has been created. It will install the cert-manager in
it and add let's encrypt as a ClusterIssuer to the cluster. That setup
allows me to simply issue certificates for all services in the cluster.
2025-09-16 21:54:13 +02:00


# Installs cert-manager from the Jetstack OCI chart registry into a dedicated
# "cert-manager" namespace, which Helm creates if it does not exist.
#
# The chart version is pinned, so an upgrade is an explicit change to this file.
# NOTE(review): the pin is a version tag, not a content digest; review the
# chart's changes whenever the version is bumped.
resource "helm_release" "cert_manager" {
  name             = "cert-manager"
  namespace        = "cert-manager"
  create_namespace = true

  repository = "oci://quay.io/jetstack/charts"
  chart      = "cert-manager"
  version    = "v1.18.2"

  # Let the chart install cert-manager's CRDs (ClusterIssuer, Certificate, ...)
  # as part of the release.
  set = [
    {
      name  = "crds.enabled"
      value = "true"
    },
  ]
}
locals {
  # Let's Encrypt environments, keyed by short name. Each entry carries the
  # ACME directory URL and the contact e-mail used for the ACME account; both
  # environments use the same address from var.letsencrypt_issuer_email.
  # "staging" points at the Let's Encrypt staging directory, "prod" at the
  # production one.
  letsencrypt = {
    for environment, directory_url in {
      staging = "https://acme-staging-v02.api.letsencrypt.org/directory"
      prod    = "https://acme-v02.api.letsencrypt.org/directory"
    } :
    environment => {
      server = directory_url
      email  = var.letsencrypt_issuer_email
    }
  }
}
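# Registers one cluster-wide ACME issuer per entry in local.letsencrypt; each
# ClusterIssuer is named "letsencrypt-<key>" after its map key.
#
# NOTE(review): kubernetes_manifest needs API access to the cluster, and the
# CRD of the resource it manages, already at plan time; depends_on only orders
# the apply. On a cluster where cert-manager is not installed yet, the helm
# release most likely has to be applied in an earlier run. Confirm against the
# bootstrap procedure.
resource "kubernetes_manifest" "letsencrypt_clusterissuer" {
  for_each   = local.letsencrypt
  depends_on = [helm_release.cert_manager]

  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"

    metadata = {
      name = "letsencrypt-${each.key}"
    }

    spec = {
      acme = {
        # Direct attribute access replaces the two-argument lookup() form,
        # which is deprecated and equivalent to plain indexing.
        server = each.value.server
        email  = each.value.email

        # Secret in which cert-manager keeps the ACME account private key.
        # For a ClusterIssuer it lives, by default, in the namespace
        # cert-manager runs in; keep read access to Secrets there restricted.
        privateKeySecretRef = {
          name = "letsencrypt-${each.key}"
        }

        # HTTP-01 challenges are served through an Ingress of class "traefik".
        # This requires the ingress to be reachable over HTTP from the ACME
        # server, and HTTP-01 cannot be used for wildcard certificates.
        solvers = [
          {
            http01 = {
              ingress = {
                class = "traefik"
              }
            }
          },
        ]
      }
    }
  }
}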