kube_internal_cert
Stable
Submodule

Kubernetes Internal TLS Certificate

Provisions a TLS key-pair with the standard Panfactum settings.

Providers

The following providers are needed by this module:

  • kubectl (2.1.3)

  • kubernetes (2.34.0)

  • pf (0.0.5)

Required Inputs

The following input variables are required:

namespace

Description: The namespace the cluster is in

Type: string

secret_name

Description: The name of the secret to save the keypair to

Type: string

Optional Inputs

The following input variables are optional (have default values):

common_name

Description: Common name to add to the cert

Type: string

Default: null

duration

Description: How long the certificate will be valid for.

Type: string

Default: "336h0m0s"

extra_labels

Description: Extra labels to add to the Certificate and Secret resources

Type: map(string)

Default: {}

include_localhost

Description: Whether to include localhost in the SANs

Type: bool

Default: false

include_subdomains

Description: Whether to include subdomains of the services via wildcard

Type: bool

Default: false

is_ca

Description: Whether the certificate is a certificate authority certificate or not.

Type: bool

Default: false

issuer_name

Description: Name of the ClusterIssuer/Issuer to use for provisioning the cert

Type: string

Default: null

private_key_algorithm

Description: The algorithm to use for the private key. Must be one of: ECDSA, RSA

Type: string

Default: "ECDSA"

private_key_encoding

Description: The encoding of the private key. Must be PKCS1 or PKCS8

Type: string

Default: "PKCS1"

private_key_rotation_enabled

Description: Whether to enable private key rotation.

Type: bool

Default: true

renew_before

Description: How long prior to the expiration that certificate renewal will be triggered.

Type: string

Default: "168h0m0s"

sans_enabled

Description: Whether to set SANs in the generated certificate

Type: bool

Default: true

service_names

Description: The names of the Kubernetes service(s) to use for the domain names

Type: list(string)

Default: []

usages

Description: Usages to add to the certificate

Type: list(string)

Default: []

use_cluster_issuer

Description: Whether to use a ClusterIssuer. If false, will use an Issuer.

Type: bool

Default: true

Outputs

The following outputs are exported:

certificate_name

Description: n/a

secret_name

Description: n/a

Usage

No notes