Adding initial kubevirt support

virt/cdi/certs.tf

@@ -0,0 +1,187 @@
+resource "kubectl_manifest" "issuer" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "cdi-selfsigned"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      selfSigned: {}
+  EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-signer-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: cdi-apiserver-signer
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "cdi-apiserver-signer"
+      secretName: cdi-apiserver-signer
+      issuerRef:
+        name: cdi-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-signer-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: cdi-uploadproxy-signer
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "cdi-uploadproxy-signer"
+      secretName: cdi-uploadproxy-signer
+      issuerRef:
+        name: cdi-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-signer-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: cdi-uploadserver-client-signer
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "cdi-uploadserver-client-signer"
+      secretName: cdi-uploadserver-client-signer
+      issuerRef:
+        name: cdi-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-signer-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: cdi-uploadserver-signer
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "cdi-uploadserver-signer"
+      secretName: cdi-uploadserver-signer
+      issuerRef:
+        name: cdi-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-signer" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "cdi-uploadproxy-signer"
+      namespace: ${var.namespace}
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      ca:
+        secretName: "cdi-uploadproxy-signer"
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-signer" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "cdi-uploadserver-client-signer"
+      namespace: ${var.namespace}
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      ca:
+        secretName: "cdi-uploadserver-client-signer"
+  EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-signer" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "cdi-apiserver-signer"
+      namespace: ${var.namespace}
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      ca:
+        secretName: "cdi-apiserver-signer"
+  EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-server-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "cdi-apiserver-server-cert"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - cdi-api
+      - cdi-api.${var.namespace}
+      - cdi-api.${var.namespace}.svc
+      - cdi-api.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: cdi-apiserver-signer
+      secretName: cdi-apiserver-server-cert
+      subject:
+        organizationalUnits:
+        - cdi-api
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-server-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "cdi-uploadproxy-server-cert"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - cdi-uploadproxy
+      - cdi-uploadproxy.${var.namespace}
+      - cdi-uploadproxy.${var.namespace}.svc
+      - cdi-uploadproxy.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: cdi-uploadproxy-signer
+      secretName: cdi-uploadproxy-server-cert
+      subject:
+        organizationalUnits:
+        - cdi-uploadproxy
+  EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "cdi-uploadserver-client-cert"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      usages:
+      - digital signature
+      - client auth
+      commonName: "cdi-uploadserver-client-cert"
+      issuerRef:
+        kind: Issuer
+        name: cdi-uploadserver-client-signer
+      secretName: cdi-uploadserver-client-cert
+      subject:
+        organizationalUnits:
+        - cdi-uploadserver-client
+  EOF
+}