Adding initial kubevirt support

virt/kubevirt/certs.tf

@@ -0,0 +1,209 @@
+resource "kubectl_manifest" "issuer" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "kubevirt-selfsigned"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      selfSigned: {}
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-ca-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: kubevirt-ca
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "kubevirt-ca"
+      secretName: kubevirt-ca
+      issuerRef:
+        name: kubevirt-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-export-ca-cert" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: kubevirt-export-ca
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      isCA: true
+      duration: "${var.duration}"
+      commonName: "kubevirt-export-ca"
+      secretName: kubevirt-export-ca
+      issuerRef:
+        name: kubevirt-selfsigned
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-export-ca" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "kubevirt-export-ca"
+      namespace: ${var.namespace}
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      ca:
+        secretName: "kubevirt-export-ca"
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-ca" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Issuer"
+    metadata:
+      name: "kubevirt-ca"
+      namespace: ${var.namespace}
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      ca:
+        secretName: "kubevirt-ca"
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-virt-api-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-virt-api-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - virt-api
+      - virt-api.${var.namespace}
+      - virt-api.${var.namespace}.svc
+      - virt-api.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-virt-api-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-virt-api
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-controller-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-controller-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - virt-controller
+      - virt-controller.${var.namespace}
+      - virt-controller.${var.namespace}.svc
+      - virt-controller.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-controller-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-virt-controller
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-exportproxy-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-exportproxy-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - virt-exportproxy
+      - virt-exportproxy.${var.namespace}
+      - virt-exportproxy.${var.namespace}.svc
+      - virt-exportproxy.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-exportproxy-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-virt-controller
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-operator-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-operator-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - kubevirt-operator-webhook
+      - kubevirt-operator-webhook.${var.namespace}
+      - kubevirt-operator-webhook.${var.namespace}.svc
+      - kubevirt-operator-webhook.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-operator-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-operator-webhook
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-virt-handler-server-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-virt-handler-server-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      dnsNames:
+      - virt-handler
+      - virt-handler.${var.namespace}
+      - virt-handler.${var.namespace}.svc
+      - virt-handler.${var.namespace}.svc.cluster.local
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-virt-handler-server-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-virt-handler
+  EOF
+}
+resource "kubectl_manifest" "kubevirt-virt-handler-certs" {
+  yaml_body  = <<-EOF
+    apiVersion: cert-manager.io/v1
+    kind: Certificate
+    metadata:
+      name: "kubevirt-virt-handler-certs"
+      labels: ${jsonencode(local.common-labels)}
+      namespace: ${var.namespace}
+    spec:
+      usages:
+      - digital signature
+      - client auth
+      commonName: "kubevirt-virt-handler-certs"
+      issuerRef:
+        kind: Issuer
+        name: kubevirt-ca
+      secretName: kubevirt-virt-handler-certs
+      subject:
+        organizationalUnits:
+        - kubevirt-virt-handler-certs
+  EOF
+}