k8s: use manually-created cert instead of managing one

chaws · chaws · commit 8910dd85d40f · 2021-01-27T17:18:18.000-03:00
We used to manage our own certs, but that proved a bit hard given
that *.linaro.org domains belonged to another account.

Thanks to Kelley Spoon, certs are now configured outside of terraform.
diff --git a/terraform/k8s.tf b/terraform/k8s.tf
@@ -11,12 +11,21 @@ resource "kubernetes_namespace" "qareports_k8s_namespace" {
     }
 }
 
+#
+#   Use a manually-created, ACM-issued, DNS-validated certificate
+#
+data "aws_acm_certificate" "qareports_acm_certificate" {
+  domain      = "${var.canonical_dns_name}"
+  types       = ["AMAZON_ISSUED"]
+  most_recent = true
+}
+
 resource "kubernetes_service" "qareports_web_service" {
     metadata {
         name = "qareports-web-service"
         namespace = "qareports-${var.environment}"
         annotations {
-            "service.beta.kubernetes.io/aws-load-balancer-ssl-cert" = "${aws_acm_certificate.qareports_acm_certificate.arn}"
+            "service.beta.kubernetes.io/aws-load-balancer-ssl-cert" = "${data.aws_acm_certificate.qareports_acm_certificate.arn}"
             "service.beta.kubernetes.io/aws-load-balancer-backend-protocol" = "http"
             "service.beta.kubernetes.io/aws-load-balancer-ssl-ports" = "443"
         }
diff --git a/terraform/loadbalancer.tf b/terraform/loadbalancer.tf
diff --git a/terraform/production.tfvars b/terraform/production.tfvars
@@ -1,10 +1,8 @@
 environment = "production"
 canonical_dns_name = "qa-reports.linaro.org"
-dns_name = "qa-reports.ctt.linaro.org"
 mq_node_type = "t3.micro"
 db_node_type = "t3.xlarge"
 db_storage = 749
 db_max_storage = 3000
-db_engine_version = "9.6.18"
+db_engine_version = "12.3"
 db_parameter_group = "default.postgres12"
-dns_validation_method = "EMAIL"
diff --git a/terraform/staging.tfvars b/terraform/staging.tfvars
@@ -1,10 +1,8 @@
 environment = "staging"
 canonical_dns_name = "staging-qa-reports.linaro.org"
-dns_name = "staging-qa-reports.ctt.linaro.org"
 mq_node_type = "t3a.nano"
 db_node_type = "t2.medium"
 db_storage = 500
 db_max_storage = 750
 db_engine_version = "12.3"
 db_parameter_group = "default.postgres12"
-dns_validation_method = "EMAIL"
diff --git a/terraform/testing.tfvars b/terraform/testing.tfvars
@@ -1,10 +1,8 @@
 environment = "testing"
 canonical_dns_name = "testing-qa-reports.linaro.org"
-dns_name = "testing-qa-reports.ctt.linaro.org"
 mq_node_type = "t3.nano"
 db_node_type = "t3.medium"
 db_storage = 500
 db_max_storage = 600
 db_engine_version = "12.3"
 db_parameter_group = "default.postgres12"
-dns_validation_method = "EMAIL"
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -20,8 +20,6 @@ variable "db_username"          { type = "string" }
 variable "db_password"          { type = "string" }
 variable "route53_zone_id"      { type = "string" }
 variable "canonical_dns_name"   { type = "string" }
-variable "dns_name"             { type = "string" }
-variable "dns_validation_method" { type = "string" }
 variable "openid_provider_arn"  { type = "string" }
 variable "openid_provider_url"  { type = "string" }
 
