diff --git a/aws/cert.tf b/aws/cert.tf
index d8ec5fc..564af0a 100644
--- a/aws/cert.tf
+++ b/aws/cert.tf
@@ -1,13 +1,16 @@
 resource "tls_private_key" "private_key" {
+ count = "${var.rancher_create_cert ? 1 : 0}"
 algorithm = "RSA"
 }
 resource "acme_registration" "reg" {
+ count = "${var.rancher_create_cert ? 1 : 0}"
 account_key_pem = "${tls_private_key.private_key.private_key_pem}"
 email_address = "${var.acme_registration_email}"
 }
 resource "acme_certificate" "certificate" {
+ count = "${var.rancher_create_cert ? 1 : 0}"
 account_key_pem = "${acme_registration.reg.account_key_pem}"
 common_name = "${var.domain_name}"
@@ -17,6 +20,7 @@ resource "acme_certificate" "certificate" {
 }
 resource "aws_iam_server_certificate" "rancher_elb_cert" {
+ count = "${var.rancher_create_cert ? 1 : 0}"
 name_prefix = "rancher-cert-"
 certificate_body = "${acme_certificate.certificate.certificate_pem}"
 certificate_chain = "${acme_certificate.certificate.issuer_pem}"
diff --git a/aws/load-balancer.tf b/aws/load-balancer.tf
index df6f671..bbd02ea 100644
--- a/aws/load-balancer.tf
+++ b/aws/load-balancer.tf
@@ -35,7 +35,7 @@ resource "aws_lb_listener" "rancher_https" {
 port = "443"
 protocol = "HTTPS"
 ssl_policy = "ELBSecurityPolicy-2016-08"
- certificate_arn = "${aws_iam_server_certificate.rancher_elb_cert.arn}"
+ certificate_arn = "${var.rancher_create_cert ? join("",aws_iam_server_certificate.rancher_elb_cert.*.arn) : var.rancher_elb_cert_arn}"
 default_action {
 type = "forward"
diff --git a/aws/variables.tf b/aws/variables.tf
index 80300e7..9dd0a1b 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -75,6 +75,16 @@ variable "rancher_storage_volume_size" {
 default = 20
 }
+variable "rancher_create_cert" {
+ description = "set to false if rancher elb cert is created outside the module"
+ default = true
+}
+
+variable "rancher_elb_cert_arn" {
+ description = "rancher elb cert to be passed in from outside the module"
+ default = ""
+}
+
 variable "node_exporter_version" {
 default = "0.16.0"
 }
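Review bot: In aws/cert.tf the resources that gain `count` are still referenced without an index: `${tls_private_key.private_key.private_key_pem}` in acme_registration, `${acme_registration.reg.account_key_pem}` in acme_certificate, and, in the second hunk, `${acme_certificate.certificate.certificate_pem}` and `issuer_pem` in aws_iam_server_certificate. This appears to rely on the old interpolation syntax resolving an un-indexed reference to the first instance; newer Terraform releases reject such references to counted resources, and the load-balancer change in this same commit already uses the splat form. Writing them explicitly, e.g. `account_key_pem = "${join("", tls_private_key.private_key.*.private_key_pem)}"`, would make the `rancher_create_cert = false` path consistent across the module. The acme_certificate and aws_iam_server_certificate blocks continue outside the hunks, so any further references there would need the same treatment.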
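Review bot: In aws/load-balancer.tf the new `certificate_arn` expression falls back to `var.rancher_elb_cert_arn`, whose default in aws/variables.tf is `""`, so setting `rancher_create_cert = false` without supplying an ARN hands the HTTPS listener an empty certificate reference. That misconfiguration would only show up as a provider or API error when the listener is applied, not as a message that names the missing input. At minimum the variable should state the requirement, e.g. `description = "ARN of an existing certificate for the rancher ELB; required when rancher_create_cert is false"`. The aws_lb_listener block starts and ends outside the hunk.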
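Review bot: In aws/variables.tf the description of `rancher_create_cert` does not tell the operator what the default implies for key handling. With `true`, the `tls_private_key` resource in aws/cert.tf generates the ACME account key inside Terraform, and the tls provider writes generated private keys to the state file, so the state then has to be protected as secret material. I would spell that out, e.g. `description = "create the rancher ELB certificate via ACME inside this module (generated private key is stored in Terraform state); set to false and pass rancher_elb_cert_arn to use a certificate managed elsewhere"`.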