Kubernetes Cert Manager

Deploys Cert Manager into a Kubernetes cluster via Helm. Creates Let's Encrypt ClusterIssuers for ACME servers:

staging - to test Let's Encrypt cert generation via staging server of LE
production - uses production Let's Encrypt CA server (with limited rate of certificate generation requests)
selfsigned - to deploy self-signed cluster issuer

$250

Dependencies included: $50

tf-k8s-crd

$50

BUY

847

License

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

 shellterraform login solutions.corewide.com

Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

 hclmodule "tf_k8s_cert_manager" {
  source  = "solutions.corewide.com/kubernetes/tf-k8s-cert-manager/helm"
  version = "~> 1.0.1"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

 shellterraform init

Define update strategy

Corewide DevOps team strictly follows Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use ~> 1.0 and run terraform init -upgrade

For the safest setup, use strict pinning with version = "1.0.1"

v1.0.1 released 1 month, 1 week ago

New version approx. every 7 weeks

Changelog

Setup with custom parameters for Helm Chart version, values and release name:

 hclmodule "cert_manager" {
  source  = "solutions.corewide.com/kubernetes/tf-k8s-cert-manager/helm"
  version = "~> 1.0"

  name            = "cert-manager-example"
  acme_email      = "[email protected]"
  chart_version   = "1.10.0"
  enable_metrics  = false
  ingress_classes = ["nginx"]
  issuer_names    = ["letsencrypt-staging"]

  custom_values = [
    {
      name  = "image.pullPolicy"
      value = "Always"
    },
    {
      name  = "global.commonLabels.project"
      value = "example"
    },
  ]
}

Minimal setup with default parameters:

 hclmodule "cert_manager" {
  source  = "solutions.corewide.com/kubernetes/tf-k8s-cert-manager/helm"
  version = "~> 1.0"

  acme_email      = "[email protected]"
  ingress_classes = ["nginx"]
}

Variable	Description	Type	Default	Required	Sensitive
`acme_email`	E-mail for Let's Encrypt cluster issuer to request certificates	`string`		yes	no
`ingress_classes`	A list of Ingress Classes definition for Cert Manager deployment	`list(string)`		yes	no
`k8s_flavor`	Name of managed Kubernetes to enable cloud-specific adjustments. Applicable value is: `eks`	`string`		yes	no
`chart_version`	Version of Cert Manager Helm chart	`string`	`1.7.1`	no	no
`create_namespace`	Enable dedicated namespace creation for Cert Manager deployment	`bool`	`true`	no	no
`custom_values`	A list of custom values for Cert Manager Helm Chart	`list(object)`	`[]`	no	no
`custom_values[*].name`	Full name of the custom value to be set	`string`		yes	no
`custom_values[*].type`	Type of the value to be set (valid options are `auto` and `string`)	`string`	`auto`	no	no
`custom_values[*].value`	Value of the custom value to be set	`any`		yes	no
`enable_metrics`	Enable Prometheus metrics of Cert Manager	`bool`	`true`	no	no
`issuer_names`	A list of issuers to be created. Possible values are: `letsencrypt`, `letsencrypt-staging`, `selfsigned`	`list(string)`		no	no
`name`	Name to override Cert Manager release name	`string`	`cert-manager`	no	no
`namespace`	Namespace to install Cert Manager into	`string`	`cert-manager`	no	no