Comments (4)
In terms of a "second" cluster issuer: it's typically less confusing (and easier to debug) if you keep to 1 cluster issuer but have multiple solvers, e.g.
solvers:
- dns01:
    route53:
      region: __CLUSTER_REGION__
      ambient: true
  selector:
    dnsZones:
    - internal.example.com
- dns01:
    cloudflare:
      email: __cloudflareemail__
      apiKeySecretRef:
        name: cloudflare-api-key-secret
        key: API
  selector:
    dnsZones:
    - public.example.com
- http01:
    ingress:
      class: nginx
Aka internal.example.com is on route53, public.example.com is on cloudflare and everything else uses a http01 solver.
from terraform-kubernetes-cert-manager.
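Which solver a given name lands on under the three-solver list in the comment above, as an added example that is not part of the original thread or the module's code. It approximates cert-manager's documented selector precedence (a dnsNames match beats the most specific dnsZones match, which beats a solver with no selector) and ignores matchLabels; the solver labels and the hostnames checked are constructed.

```python
# Added example: approximation of cert-manager's documented solver selector
# precedence. matchLabels is ignored; solver labels below are constructed
# and mirror the three solvers from the comment above.
SOLVERS = [
    {"name": "route53-dns01", "selector": {"dnsZones": ["internal.example.com"]}},
    {"name": "cloudflare-dns01", "selector": {"dnsZones": ["public.example.com"]}},
    {"name": "nginx-http01", "selector": {}},  # no selector: catch-all
]


def zone_match_len(dns_name, zones):
    """Label count of the most specific zone that contains dns_name, else 0."""
    name = dns_name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard is matched by the zone of its base name
    best = 0
    for zone in zones:
        zone = zone.lower().rstrip(".")
        # Match on a label boundary so "notinternal.example.com" is not a hit.
        if name == zone or name.endswith("." + zone):
            best = max(best, len(zone.split(".")))
    return best


def pick_solver(dns_name, solvers=SOLVERS):
    """Return the label of the solver that would handle dns_name, or None."""
    best_name, best_score = None, (-1, -1)
    for solver in solvers:
        sel = solver.get("selector") or {}
        names = [n.lower() for n in sel.get("dnsNames", [])]
        zones = sel.get("dnsZones", [])
        exact = 1 if dns_name.lower() in names else 0
        zone_len = zone_match_len(dns_name, zones)
        # Every selector kind that is present must match (assumed AND semantics).
        if (names and not exact) or (zones and not zone_len):
            continue
        score = (exact, zone_len)
        if score > best_score:  # strict '>' keeps the earlier solver on ties
            best_name, best_score = solver["name"], score
    return best_name
```

Running the names you expect to issue through a check like this before applying shows which ones fall through to the catch-all http01 solver; a wildcard name that lands there cannot be validated, because HTTP-01 does not support wildcards.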
@timothyclarke Thanks for the PR.
@dc232 Feature has been added.
from terraform-kubernetes-cert-manager.
Hey, at least you can add your additional cluster issuer.
Also, you can add your own YAML for the cluster issuer in the module.
The variable is called cluster_issuer_yaml. Just give your own cluster issuer YAML to this variable, and the module will replace the default http issuer with your YAML.
Make sure that the name of the new cluster issuer is not the same as the one in the module if you are adding a second cluster issuer.
resource "kubectl_manifest" "cloudflare_cluster_issuer" {
  validate_schema = false
  yaml_body       = <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: __cloudflareemail__
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - selector:
        dnsNames:
        - '*.vinsonjewellers.com'
        - vinsonjewellers.com
      dns01:
        cloudflare:
          email: __cloudflareemail__
          apiKeySecretRef:
            name: cloudflare-api-key-secret
            key: API
EOF
  depends_on = [module.cert_manager]
}
Anyway good idea to implement support of dns01 issuer in this module :)
from terraform-kubernetes-cert-manager.
@timothyclarke Looks really good, let me check locally how it works in real life )
from terraform-kubernetes-cert-manager.