# Let's Encrypt
# Kubernetes Secret carrying the Cloudflare API token. Its name and its single
# data key are passed to the issuer template by the kubernetes_manifest
# resources in this file.
#
# Security notes:
# - The token is persisted in the Terraform state as well as in the cluster,
#   so the state backend needs encryption at rest and restricted access.
# - A Kubernetes Secret is only base64-encoded by default; access to it is
#   governed by RBAC on the cert-manager namespace.
# - NOTE(review): the declaration of var.letsencrypt_cloudflare_api_token is
#   not visible here; confirm it is marked `sensitive = true`.
# - NOTE(review): the token is presumably used for DNS-01 validation; confirm
#   it is scoped to the minimum DNS permissions on the required zones only.
resource "kubernetes_secret" "letsencrypt_cloudflare_api_token_secret" {
  metadata {
    name      = "letsencrypt-cloudflare-api-token-secret"
    namespace = kubernetes_namespace.cert_manager.metadata[0].name
  }

  data = {
    "api-token" = var.letsencrypt_cloudflare_api_token
  }
}
# Issuer manifest rendered from letsencrypt-issuer.tpl.yaml and pointed at the
# Let's Encrypt staging ACME directory. Staging certificates are not publicly
# trusted, so this issuer is for testing issuance, not for serving traffic.
#
# - The secret's data key is taken as the first entry of keys(), which returns
#   keys in lexicographical order; with the single "api-token" entry this is
#   unambiguous, but adding another key to the secret could change the result.
# - The template variables are substituted as text before yamldecode() parses
#   the result. NOTE(review): the template is not visible here; confirm it
#   quotes the values so an unusual email string cannot alter the manifest.
# - NOTE(review): depends_on presumably ensures the cert-manager chart (and
#   its CRDs) is installed before this manifest is applied.
resource "kubernetes_manifest" "letsencrypt_issuer_staging" {
  manifest = yamldecode(templatefile(
    "${path.module}/letsencrypt-issuer.tpl.yaml",
    {
      "name"                      = "letsencrypt-staging"
      "email"                     = var.letsencrypt_email
      "server"                    = "https://acme-staging-v02.api.letsencrypt.org/directory"
      "api_token_secret_name"     = kubernetes_secret.letsencrypt_cloudflare_api_token_secret.metadata[0].name
      "api_token_secret_data_key" = keys(kubernetes_secret.letsencrypt_cloudflare_api_token_secret.data)[0]
    }
  ))

  depends_on = [helm_release.cert_manager]
}
# Issuer manifest rendered from letsencrypt-issuer.tpl.yaml and pointed at the
# Let's Encrypt production ACME directory. Production issuance is rate
# limited, so issuance is best validated against the staging issuer first.
#
# - Uses the same Cloudflare token secret as the staging issuer; anyone able
#   to read that secret can act with the token's DNS permissions.
# - The secret's data key is taken as the first entry of keys(), which returns
#   keys in lexicographical order; with the single "api-token" entry this is
#   unambiguous, but adding another key to the secret could change the result.
# - NOTE(review): the template is not visible here; confirm it quotes the
#   substituted values, since they are inserted as text before yamldecode().
# - NOTE(review): depends_on presumably ensures the cert-manager chart (and
#   its CRDs) is installed before this manifest is applied.
resource "kubernetes_manifest" "letsencrypt_issuer_production" {
  manifest = yamldecode(templatefile(
    "${path.module}/letsencrypt-issuer.tpl.yaml",
    {
      "name"                      = "letsencrypt-production"
      "email"                     = var.letsencrypt_email
      "server"                    = "https://acme-v02.api.letsencrypt.org/directory"
      "api_token_secret_name"     = kubernetes_secret.letsencrypt_cloudflare_api_token_secret.metadata[0].name
      "api_token_secret_data_key" = keys(kubernetes_secret.letsencrypt_cloudflare_api_token_secret.data)[0]
    }
  ))

  depends_on = [helm_release.cert_manager]
}