Kubernetes Certificate Issuers

kube_cert_issuers
Stable
Live

This module provides our standard cluster issuers for cert-manager. It includes:

  • Cluster issuer for public domain names

  • Cluster issuer for self-signed certs

  • Cluster issuer for intermediate CAs

Providers

The following providers are needed by this module:

  • aws (5.39.1)

  • kubernetes (2.27.0)

  • vault (3.25.0)

Required Inputs

The following input variables are required:

alert_email

Description: An email that will receive certificate alerts.

Type: string

eks_cluster_name

Description: The name of the EKS cluster.

Type: string

vault_internal_url

Description: The URL of the Vault instance used for internal certificate issuance.

Type: string

Optional Inputs

The following input variables are optional (have default values):

aws_iam_ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with the AWS API.

Type: list(string)

Default: []

namespace

Description: The name of the cert-manager namespace.

Type: string

Default: "cert-manager"

route53_zones

Description: A mapping of public DNS domains managed by AWS to their configuration; cert-manager uses this to issue public-facing certificates.

Type:

map(object({
  record_manager_role_arn = string
  zone_id                 = string
}))

Default: {}

service_account

Description: The name of the cert-manager service account.

Type: string

Default: "cert-manager"

Outputs

The following outputs are exported:

route53_zones

Description: The Route 53 zone configuration provided as an input.

vault_ca_crt

Description: The public certificate of the root Vault certificate authority.

Usage

No notes