feat: Updated according to how we discussed it

dploeger · dploeger · commit 5140824f9b05 · 2021-11-10T15:00:59.000+01:00
diff --git a/README.md b/README.md
@@ -1,13 +1,9 @@
-# Terraform managemen of cert-manager on AKS
+# Terraform management of cert-manager on AKS
 
 ## Introduction
 
 This module manages cert-manager on AKS (Azure Kubernetes Service)
 
-## K8S requirements
-
-This module requires Kubernetes >= 1.19, see https://cert-manager.io/docs/installation/helm/#option-2-install-crds-as-part-of-the-helm-release
-
 ## Usage
 
 Instantiate the module by calling it from Terraform like this:
@@ -19,17 +15,20 @@ module "azure-basics" {
 }
 ```
 
-
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
-No requirements.
+The following requirements are needed by this module:
+
+- helm (>= 2.4.1)
 
 ## Providers
 
 The following providers are used by this module:
 
-- azurerm
+- helm (>= 2.4.1)
+
+- kubernetes
 
 ## Modules
 
@@ -39,75 +38,53 @@ No modules.
 
 The following resources are used by this module:
 
-- [azurerm_management_lock.resource-group-level](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource)
-- [azurerm_proximity_placement_group.ppg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/proximity_placement_group) (resource)
-- [azurerm_resource_group.azure-resource-group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
+- [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) (resource)
+- [helm_release.cert-manager-issuers](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) (resource)
+- [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) (resource)
 
 ## Required Inputs
 
-The following input variables are required:
-
-### location
-
-Description: The azure location used for azure
-
-Type: `string`
-
-### project
-
-Description: Three letter project key
-
-Type: `string`
-
-### stage
-
-Description: Stage for this ressource group
-
-Type: `string`
+No required inputs.
 
 ## Optional Inputs
 
 The following input variables are optional (have default values):
 
-### lock
-
-Description: Lock ressource group for deletion
-
-Type: `bool`
+### cert-manager-issuers-version
 
-Default: `true`
+Description: Version of the Cert-Manager-issuers helm chart to use
 
-### manage\_proximity\_placement\_group
+Type: `string`
 
-Description: Manage a proximity placement group for the resource group
+Default: `"0.2.2"`
 
-Type: `bool`
+### cert-manager-version
 
-Default: `true`
+Description: Version of the Cert-Manager helm chart to use
 
-### tags
+Type: `string`
 
-Description: Map of tags for the resources
+Default: `"v1.5.4"`
 
-Type: `map(any)`
+### cluster-issuers-yaml
 
-Default: `{}`
+Description: The YAML code to define cluster issuers for cert-manager. Example: https://github.com/adfinis-sygroup/helm-charts/blob/master/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml
 
-## Outputs
+Type: `string`
 
-The following outputs are exported:
+Default: `""`
 
-### location
+### issuers-yaml
 
-Description: The location input variable (can be used for dependency resolution)
+Description: The YAML code to define issuers for cert-manager. Example: https://github.com/adfinis-sygroup/helm-charts/blob/master/charts/cert-manager-issuers/examples/disable-issuers.yaml
 
-### ppg\_id
+Type: `string`
 
-Description: The ID of the generated proximity placement group
+Default: `""`
 
-### resource\_group
+## Outputs
 
-Description: The name of the generated resource group
+No outputs.
 <!-- END_TF_DOCS -->
 
 ## Development
diff --git a/main.tf b/main.tf
@@ -6,61 +6,40 @@ resource "kubernetes_namespace" "cert-manager" {
   }
 }
 
-# documentation: https://cert-manager.io/docs/installation/helm/
+# https://artifacthub.io/packages/helm/cert-manager/cert-manager
 resource "helm_release" "cert-manager" {
   name       = "cert-manager"
   repository = "https://charts.jetstack.io"
   chart      = "cert-manager"
-  version    = "v1.5.4"
+  version    = var.cert-manager-version
   namespace  = kubernetes_namespace.cert-manager.metadata.0.name
 
   set {
-    name = "installCRDs"
+    name  = "installCRDs"
     value = "true"
   }
 }
 
-resource "helm_release" "cert-manager-clusterissuer" {
-  name = "cert-manager-clusterissuer"
-  chart = "../helm-charts/cert-manager-cluster-issuer"
+locals {
+  clusterIssuers = <<EOT
+clusterIssuers:
+${var.cluster-issuers-yaml}
+EOT
+  issuers        = <<EOT
+issuers:
+${var.issuers-yaml}
+EOT
+}
 
-  set {
-    name = "letsencryptEmail"
-    value = var.email
-  }
+# https://artifacthub.io/packages/helm/adfinis/cert-manager-issuers
+resource "helm_release" "cert-manager-issuers" {
+  chart      = "cert-manager-issuers"
+  name       = "cert-manager-issuers"
+  version    = var.cert-manager-issuers-version
+  repository = "https://charts.adfinis.com"
 
-  depends_on = [
-    helm_release.cert-manager,
+  values = [
+    var.cluster-issuers-yaml == "" ? "" : local.clusterIssuers,
+    var.issuers-yaml == "" ? "" : local.issuers
   ]
 }
-
-# TODO: to replaced by helm chart
-//
-//resource "kubernetes_manifest" "cluster-issuer-prod" {
-//  manifest = {
-//    apiVersion = "cert-manager.io/v1alpha2" # TODO, still correct?
-//    kind = "ClusterIssuer"
-//    metadata = {
-//      name = "letsencrypt-prod"
-//    }
-//  }
-//}
-//
-//apiVersion: cert-manager.io/v1alpha2
-//kind: ClusterIssuer
-//metadata:
-//    name: letsencrypt-prod
-//spec:
-//    acme:
-//        # The ACME server URL
-//        server: https://acme-v02.api.letsencrypt.org/directory
-//        # Email address used for ACME registration
-//        email: {{ .Values.letsencryptEmail }}
-//        # Name of a secret used to store the ACME account private key
-//        privateKeySecretRef:
-//            name: letsencrypt-prod
-//        # Enable the HTTP-01 challenge provider
-//        solvers:
-//            - http01:
-//                  ingress:
-//                      class: nginx
diff --git a/terraform.tf b/terraform.tf
@@ -1,9 +1,8 @@
-# setting required because we need helm >= 3.3, see https://cert-manager.io/docs/installation/helm/#option-2-install-crds-as-part-of-the-helm-release
 terraform {
   required_providers {
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 1.3.1"
+      version = ">= 2.4.1"
     }
   }
-}
+}
diff --git a/vars.tf b/vars.tf
@@ -1,4 +1,23 @@
-variable "email" {
-  type = string
-  description = "Notification-Address"
+variable "cert-manager-version" {
+  type        = string
+  default     = "v1.5.4"
+  description = "Version of the Cert-Manager helm chart to use"
+}
+
+variable "cert-manager-issuers-version" {
+  type        = string
+  default     = "0.2.2"
+  description = "Version of the Cert-Manager-issuers helm chart to use"
+}
+
+variable "issuers-yaml" {
+  type        = string
+  default     = ""
+  description = "The YAML code to define issuers for cert-manager. Example: https://github.com/adfinis-sygroup/helm-charts/blob/master/charts/cert-manager-issuers/examples/disable-issuers.yaml"
+}
+
+variable "cluster-issuers-yaml" {
+  type        = string
+  default     = ""
+  description = "The YAML code to define cluster issuers for cert-manager. Example: https://github.com/adfinis-sygroup/helm-charts/blob/master/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,8 @@`
`1`		`-# setting required because we need helm >= 3.3, see https://cert-manager.io/docs/installation/helm/#option-2-install-crds-as-part-of-the-helm-release`
`2`	`1`	`terraform {`
`3`	`2`	`required_providers {`
`4`	`3`	`helm = {`
`5`	`4`	`source = "hashicorp/helm"`
`6`		`- version = ">= 1.3.1"`
	`5`	`+ version = ">= 2.4.1"`
`7`	`6`	`}`
`8`	`7`	`}`
`9`		`-}`
	`8`	`+}`