kube_cert_issuers
Kubernetes Certificate Issuers
This module provides our standard cluster issuers for cert-manager. It includes:
-
Cluster issuer for public domain names
-
Cluster issuer for self-signed certs
-
Cluster issuer for intermediate CAs
Providers
The following providers are needed by this module:
-
aws (5.70.0)
-
kubectl (2.0.4)
-
kubernetes (2.27.0)
-
pf (0.0.3)
-
vault (3.25.0)
Required Inputs
The following input variables are required:
alert_email
Description: An email that will receive certificate alerts.
Type: string
eks_cluster_name
Description: The name of the EKS cluster.
Type: string
vault_internal_url
Description: The url to the vault instance for internal cert issuance
Type: string
Optional Inputs
The following input variables are optional (have default values):
aws_iam_ip_allow_list
Description: A list of IPs that can use the service account token to authenticate with AWS API
Type: list(string)
Default: []
cloudflare_api_token
Description: Cloudflare API Token
Type: string
Default: null
cloudflare_zones
Description: A list of public DNS domains managed by Cloudflare; cert-manager uses this to issue public-facing certificates.
Type: list(string)
Default: []
namespace
Description: The name of the cert-manager namespace.
Type: string
Default: "cert-manager"
route53_zones
Description: A mapping of public DNS domains managed by AWS to their configuration; cert-manager uses this to issue public-facing certificates.
Type:
map(object({
record_manager_role_arn = string
zone_id = string
}))
Default: {}
service_account
Description: The name of the cert-manager service account.
Type: string
Default: "cert-manager"
Outputs
The following outputs are exported:
cloudflare_zones
Description: The cloudflare DNS names provided as an input
route53_zones
Description: The route53 zone configuration provided as an input
vault_ca_crt
Description: The public certificate of the root vault certificate authority
Usage
No notes