https://github.com/statcan/terraform-kubernetes-cert-manager

Terraform module for Cert Manager
https://github.com/statcan/terraform-kubernetes-cert-manager

kubernetes terraform

Last synced: 10 months ago
JSON representation

Terraform module for Cert Manager

• Host: GitHub
• URL: https://github.com/statcan/terraform-kubernetes-cert-manager
• Owner: StatCan
• License: mit
• Created: 2019-08-07T22:59:27.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2023-04-12T14:52:06.000Z (about 3 years ago)
• Last Synced: 2025-04-07T17:41:19.078Z (about 1 year ago)
• Topics: kubernetes, terraform
• Language: HCL
• Size: 65.4 KB
• Stars: 3
• Watchers: 4
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# Terraform Kubernetes Cert Manager

## Introduction

This module deploys and configures Cert Manager inside a Kubernetes Cluster.

## Requirements

| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 0.13 |

|  [helm](#requirement\_helm) | >= 2.0.0 |

|  [kubernetes](#requirement\_kubernetes) | >= 2.10.0 |

## Providers

| Name | Version |

|------|---------|

|  [helm](#provider\_helm) | >= 2.0.0 |

|  [kubernetes](#provider\_kubernetes) | >= 2.10.0 |

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [azure\_resource\_group\_name](#input\_azure\_resource\_group\_name) | the azure resource group containing the required AzureDNS resources | `string` | n/a | yes |

|  [azure\_subscription\_id](#input\_azure\_subscription\_id) | the azure subscription ID for the subscription containing the AzureDNS for ACME DNS challenge | `string` | n/a | yes |

|  [azure\_zone\_name](#input\_azure\_zone\_name) | the name of the azureDNS zone to use for ACME configuration | `string` | n/a | yes |

|  [letsencrypt\_email](#input\_letsencrypt\_email) | the email to associated with letsencrypt ACME account for generating/signing of certificates | `string` | n/a | yes |

|  [chart\_name](#input\_chart\_name) | the name of the cert-manager chart to use | `string` | `"cert-manager"` | no |

|  [chart\_version](#input\_chart\_version) | the version of the cert-manager chart to use. do not include 'v' prefix in this value | `string` | `"1.11.0"` | no |

|  [deploy\_cluster\_issuers](#input\_deploy\_cluster\_issuers) | a boolean which determines if the cluster issuers for Let's Encrypt should be deployed | `bool` | `true` | no |

|  [enable\_prometheusrules](#input\_enable\_prometheusrules) | Adds PrometheusRules for cert-manager alerts | `bool` | `true` | no |

|  [helm\_namespace](#input\_helm\_namespace) | the namespace where cert-manager resources should be deployed | `string` | `"cert-manager-system"` | no |

|  [helm\_repository](#input\_helm\_repository) | the helm chart repository to use as the source for cert-manager | `string` | `"https://charts.jetstack.io"` | no |

|  [helm\_repository\_password](#input\_helm\_repository\_password) | the helm repository password to use (IFF authentication is required by the repository) | `string` | `""` | no |

|  [helm\_repository\_username](#input\_helm\_repository\_username) | the helm repository username to use (IFF authentication is required by the repository) | `string` | `""` | no |

|  [values](#input\_values) | any additional helm chart values to pass to the helm\_release resource. will be merged with existing values | `string` | `""` | no |

## Outputs

| Name | Description |

|------|-------------|

|  [helm\_namespace](#output\_helm\_namespace) | the namespace containing the cert-manager helm release artifacts |

|  [release\_name](#output\_release\_name) | the name of the cert-manager helm release |

## History

| Date     | Release    | Change                                                                   |

| -------- | ---------- | -------------------------------------------------------------------------|

| 20190729 | 20190729.1 | Improvements to documentation and formatting                             |

| 20190909 | 20190909.1 | 1st release                                                              |

| 20200620 | v2.0.0     | Module now modified for Helm 3                                           |

| 20200622 | v2.0.1     | Added dependencies to kubernetes_secret                                  |

| 20201105 | v2.0.2     | Add registry username/password support                                   |

| 20210114 | v2.0.3     | Removed interpolation syntax                                             |

| 20210826 | v3.0.0     | Updated module for Terraform v0.13                                       |

| 20220401 | v4.0.0     | Updated module to allow use of MSI                                       |

| 20220401 | v4.0.1     | Updated module to cert-manager.io/v1                                     |

| 20220411 | v5.0.0     | Convert module to k8s manifest resource                                  |

| 20220721 | v5.1.0     | Set the cnameStrategy to "Follow" for the DNS01 solver.                  |

| 20230105 | v5.2.0     | Added cert manager rules from kube-prometheus-stack                      |

| 20230109 | v5.3.0     | Add runbook links to Prometheus rules                                    |

| 20230111 | v5.4.0     | Upgraded default chart-version to use latest cert-manager available      |

| 20230130 | v5.4.1     | certManagerCertFailingToRenew alert no longer considers ready status     |

| 20230202 | v5.4.2     | Specify sensitive variables                                              |

| 20230213 | v5.5.0     | Add a flag to enable issuers                                             |

| 20230411 | v5.6.0     | Add "cluster" to aggregation for alerting rules for thanos compatibility |