188 lines
5.0 KiB
HCL
188 lines
5.0 KiB
HCL
resource "kubectl_manifest" "issuer" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Issuer"
|
|
metadata:
|
|
name: "cdi-selfsigned"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
selfSigned: {}
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-apiserver-signer-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: cdi-apiserver-signer
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
isCA: true
|
|
duration: "${var.duration}"
|
|
commonName: "cdi-apiserver-signer"
|
|
secretName: cdi-apiserver-signer
|
|
issuerRef:
|
|
name: cdi-selfsigned
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadproxy-signer-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: cdi-uploadproxy-signer
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
isCA: true
|
|
duration: "${var.duration}"
|
|
commonName: "cdi-uploadproxy-signer"
|
|
secretName: cdi-uploadproxy-signer
|
|
issuerRef:
|
|
name: cdi-selfsigned
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadserver-client-signer-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: cdi-uploadserver-client-signer
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
isCA: true
|
|
duration: "${var.duration}"
|
|
commonName: "cdi-uploadserver-client-signer"
|
|
secretName: cdi-uploadserver-client-signer
|
|
issuerRef:
|
|
name: cdi-selfsigned
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadserver-signer-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: cdi-uploadserver-signer
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
isCA: true
|
|
duration: "${var.duration}"
|
|
commonName: "cdi-uploadserver-signer"
|
|
secretName: cdi-uploadserver-signer
|
|
issuerRef:
|
|
name: cdi-selfsigned
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadproxy-signer" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Issuer"
|
|
metadata:
|
|
name: "cdi-uploadproxy-signer"
|
|
namespace: ${var.namespace}
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
ca:
|
|
secretName: "cdi-uploadproxy-signer"
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadserver-client-signer" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Issuer"
|
|
metadata:
|
|
name: "cdi-uploadserver-client-signer"
|
|
namespace: ${var.namespace}
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
ca:
|
|
secretName: "cdi-uploadserver-client-signer"
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-apiserver-signer" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Issuer"
|
|
metadata:
|
|
name: "cdi-apiserver-signer"
|
|
namespace: ${var.namespace}
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
ca:
|
|
secretName: "cdi-apiserver-signer"
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-apiserver-server-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: "cdi-apiserver-server-cert"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
namespace: ${var.namespace}
|
|
spec:
|
|
dnsNames:
|
|
- cdi-api
|
|
- cdi-api.${var.namespace}
|
|
- cdi-api.${var.namespace}.svc
|
|
- cdi-api.${var.namespace}.svc.cluster.local
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: cdi-apiserver-signer
|
|
secretName: cdi-apiserver-server-cert
|
|
subject:
|
|
organizationalUnits:
|
|
- cdi-api
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadproxy-server-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: "cdi-uploadproxy-server-cert"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
namespace: ${var.namespace}
|
|
spec:
|
|
dnsNames:
|
|
- cdi-uploadproxy
|
|
- cdi-uploadproxy.${var.namespace}
|
|
- cdi-uploadproxy.${var.namespace}.svc
|
|
- cdi-uploadproxy.${var.namespace}.svc.cluster.local
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: cdi-uploadproxy-signer
|
|
secretName: cdi-uploadproxy-server-cert
|
|
subject:
|
|
organizationalUnits:
|
|
- cdi-uploadproxy
|
|
EOF
|
|
}
|
|
resource "kubectl_manifest" "cdi-uploadserver-client-cert" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: "cdi-uploadserver-client-cert"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
namespace: ${var.namespace}
|
|
spec:
|
|
usages:
|
|
- digital signature
|
|
- client auth
|
|
commonName: "cdi-uploadserver-client-cert"
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: cdi-uploadserver-client-signer
|
|
secretName: cdi-uploadserver-client-cert
|
|
subject:
|
|
organizationalUnits:
|
|
- cdi-uploadserver-client
|
|
EOF
|
|
}
|