Merge pull request #1 from brandnewbox/kubectl
using kubectl
nathancolgate authored Sep 2, 2022
2 parents c1092ce + 16de905 commit 5d7396e
Showing 4 changed files with 87 additions and 131 deletions.
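--- a/cert-manager-issuers/letsencrypt/main.tf
+++ b/cert-manager-issuers/letsencrypt/main.tf
@@ -28,33 +28,23 @@ resource "kubernetes_secret" "letsencrypt_issuer_secret" {
 }
 }
 
-resource "kubernetes_manifest" "letsencrypt_issuer" {
-manifest = {
-apiVersion = "cert-manager.io/v1"
-kind = "ClusterIssuer"
-metadata = {
-name = var.name
-labels = {
-name = var.name
-}
-}
-spec = {
-acme = {
-server = var.server
-email = var.email
-privateKeySecretRef = {
-name = kubernetes_secret.letsencrypt_issuer_secret.metadata.0.name
-}
-solvers = [
-{
-http01 = {
-ingress = {
-class = var.ingress_class
-}
-}
-}
-]
-}
-}
-}
+resource "kubectl_manifest" "letsencrypt_issuer" {
+yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: ${var.name}
+labels:
+name: ${var.name}
+spec:
+acme:
+server: ${var.server}
+email: ${var.email}
+privateKeySecretRef:
+name: ${kubernetes_secret.letsencrypt_issuer_secret.metadata.0.name}
+solvers:
+- http01:
+ingress:
+class: ${var.ingress_class}
+YAML
 }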
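Review bot: The heredoc in `kubectl_manifest.letsencrypt_issuer` splices `${var.name}`, `${var.server}`, `${var.email}` and `${var.ingress_class}` into YAML text unquoted, so a value containing `: `, `#` or a newline changes the structure of the ClusterIssuer instead of being treated as data, which the previous `kubernetes_manifest` map could not do. Keeping the HCL object and serialising it, `yaml_body = yamlencode({ apiVersion = "cert-manager.io/v1", kind = "ClusterIssuer", ... })` with the former `metadata`/`spec` map as the argument, keeps the move to the kubectl provider while letting Terraform do the quoting. The same applies to mutating-webhook-configuration.tf and validating-webhook-configuration.tf, where the values are quoted but not escaped and the `local.labels` entries are joined by hand with a literal indent. The `kubernetes_secret` this resource references is defined above the hunk.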
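--- a/cert-manager-webhook/mutating-webhook-configuration.tf
+++ b/cert-manager-webhook/mutating-webhook-configuration.tf
@@ -1,42 +1,28 @@
-resource "kubernetes_manifest" "mutating_webhook_configuration" {
-manifest = {
-"apiVersion" = "admissionregistration.k8s.io/v1beta1"
-"kind" = "MutatingWebhookConfiguration"
-"metadata" = {
-"name" = var.name
-
-"labels" = merge({
-"app.kubernetes.io/name" = var.name
-}, local.labels)
-annotations = {
-"cert-manager.io/inject-ca-from-secret" = "cert-manager/cert-manager-webhook-ca"
-}
-}
-"webhooks" = [
-{
-name = "webhook.cert-manager.io"
-admissionReviewVersions = [
-"v1",
-"v1beta1"
-]
-rules = [
-{
-apiGroups = ["cert-manager.io", "acme.cert-manager.io"]
-apiVersions = ["v1alpha2"]
-operations = ["CREATE", "UPDATE"]
-resources = ["*/*"]
-}
-]
-failurePolicy = "Fail"
-sideEffects = "None"
-clientConfig = {
-service = {
-name = var.name
-namespace = var.namespace
-path = "/mutate"
-}
-}
-}
-]
-}
+resource "kubectl_manifest" "mutating_webhook_configuration" {
+yaml_body = <<YAML
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+name: "${var.name}"
+labels:
+app.kubernetes.io/name: "${var.name}"
+${join("\n ",[for key, value in local.labels : "${key}: \"${value}\""])}
+annotations:
+cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
+webhooks:
+- name: "webhook.cert-manager.io"
+admissionReviewVersions: ["v1", "v1beta1"]
+rules:
+- apiGroups: ["cert-manager.io", "acme.cert-manager.io"]
+apiVersions: ["v1alpha2"]
+operations: ["CREATE", "UPDATE"]
+resources: ["*/*"]
+failurePolicy: "Fail"
+sideEffects: "None"
+clientConfig:
+service:
+name: "${var.name}"
+namespace: "${var.namespace}"
+path: "/mutate"
+YAML
 }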
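Review bot: The webhook `rules` match only `apiVersions: ["v1alpha2"]`, while the issuer in this same commit is created as `cert-manager.io/v1`; under `admissionregistration.k8s.io/v1beta1` the default `matchPolicy` is `Exact`, so `v1` objects would presumably not be sent to this webhook at all. Adding the served versions to the rule (for example `apiVersions: ["v1", "v1alpha2"]`, to be checked against the installed cert-manager release) or setting `matchPolicy: Equivalent` closes that admission gap. Separately, `admissionregistration.k8s.io/v1beta1` was removed in Kubernetes 1.22, so the manifest should move to `apiVersion: admissionregistration.k8s.io/v1`. Both points also apply to validating-webhook-configuration.tf.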
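--- a/cert-manager-webhook/validating-webhook-configuration.tf
+++ b/cert-manager-webhook/validating-webhook-configuration.tf
@@ -1,62 +1,38 @@
-resource "kubernetes_manifest" "validating_webhook_configuration" {
-manifest = {
-"apiVersion" = "admissionregistration.k8s.io/v1beta1"
-"kind" = "ValidatingWebhookConfiguration"
-"metadata" = {
-"name" = var.name
-"labels" = {
-"app" = local.app
-"app.kubernetes.io/name" = var.name
-"app.kubernetes.io/instance" = var.instance_id
-"app.kubernetes.io/managed-by" = "terraform"
-}
-"annotations" = {
-"cert-manager.io/inject-ca-from-secret" = "cert-manager/cert-manager-webhook-ca"
-}
-}
-"webhooks" = [
-{
-name = "webhook.cert-manager.io"
-namespaceSelector = {
-"matchExpressions" = [
-{
-values = [
-"true"
-]
-operator = "NotIn"
-key = "cert-manager.io/disable-validation"
-},
-{
-values = [
-"cert-manager"
-]
-operator = "NotIn"
-key = "name"
-}
-]
-}
-rules = [
-{
-apiGroups = ["cert-manager.io", "acme.cert-manager.io"]
-apiVersions = ["v1alpha2"]
-operations = ["CREATE", "UPDATE"]
-resources = ["*/*"]
-}
-]
-admissionReviewVersions = [
-"v1",
-"v1beta1"
-]
-failurePolicy = "Fail"
-sideEffects = "None"
-clientConfig = {
-service = {
-name = var.name
-namespace = var.namespace
-path = "/mutate"
-}
-}
-}
-]
-}
+resource "kubectl_manifest" "validating_webhook_configuration" {
+yaml_body = <<YAML
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+name: "${var.name}"
+labels:
+app: "${local.app}"
+app.kubernetes.io/name: "${var.name}"
+app.kubernetes.io/instance: "${var.instance_id}"
+app.kubernetes.io/managed-by: "terraform"
+annotations:
+cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
+webhooks:
+- name: "webhook.cert-manager.io"
+namespaceSelector:
+matchExpressions:
+- operator: "NotIn"
+key: "cert-manager.io/disable-validation"
+values: ["true"]
+- operator: "NotIn"
+key: "name"
+values: ["cert-manager"]
+rules:
+- apiGroups: ["cert-manager.io", "acme.cert-manager.io"]
+apiVersions: ["v1alpha2"]
+operations: ["CREATE", "UPDATE"]
+resources: ["*/*"]
+admissionReviewVersions: ["v1", "v1beta1"]
+failurePolicy: "Fail"
+sideEffects: "None"
+clientConfig:
+service:
+name: "${var.name}"
+namespace: "${var.namespace}"
+path: "/mutate"
+YAML
 }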
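Review bot: `clientConfig.service.path` in the ValidatingWebhookConfiguration is `"/mutate"`, the same endpoint the mutating configuration uses, so validation requests go to the mutation handler and the webhook's validation checks are probably never applied. The value was carried over unchanged from the old `kubernetes_manifest` block; cert-manager's webhook serves validation on its own path, so this line should most likely read `path: "/validate"`. It is worth confirming after the change that an invalid Certificate or Issuer is actually rejected at admission.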
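--- a/versions.tf
+++ b/versions.tf
@@ -7,5 +7,9 @@ terraform {
 random = {
 source = "hashicorp/random"
 }
+
+kubectl = {
+source = "gavinbunney/kubectl"
+}
 }
 }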
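Review bot: The new `kubectl` entry names a community provider (`gavinbunney/kubectl`) with no `version` constraint, so `terraform init` resolves to whatever release is newest at the time, and that binary runs with the cluster credentials this module is given. Add a constraint next to `source`, e.g. `version = "~> <PINNED_VERSION>"`, and make sure the configuration that consumes this module commits its `.terraform.lock.hcl` so the provider checksums are fixed. The `random` entry above it is unconstrained in the same way. The `terraform` block begins above the hunk.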
