Kubernetes Internal TLS Certificate
Provisions a TLS key-pair with the standard Panfactum settings.
Providers
The following providers are needed by this module:
- kubectl (2.1.3)
- kubernetes (2.34.0)
- pf (0.0.7)
Required Inputs
The following input variables are required:
namespace
Description: The namespace the cluster is in
Type: string
secret_name
Description: The name of the secret to save the keypair to
Type: string
Optional Inputs
The following input variables are optional (have default values):
common_name
Description: Common name to add to the cert
Type: string
Default: null
duration
Description: How long the certificate will be valid for.
Type: string
Default: "336h0m0s"
extra_labels
Description: Extra labels to add to the Certificate and Secret resources
Type: map(string)
Default: {}
include_localhost
Description: Whether to include localhost in the SANs
Type: bool
Default: false
include_subdomains
Description: Whether to include subdomains of the services via wildcard
Type: bool
Default: false
is_ca
Description: Whether the certificate is a certificate authority certificate or not.
Type: bool
Default: false
issuer_name
Description: Name of the ClusterIssuer/Issuer to use for provisioning the cert
Type: string
Default: null
private_key_algorithm
Description: The algorithm to use for the private key. Must be one of: ECDSA, RSA
Type: string
Default: "ECDSA"
private_key_encoding
Description: The encoding of the private key. Must be PKCS1 or PKCS8
Type: string
Default: "PKCS1"
private_key_rotation_enabled
Description: Whether to enable private key rotation.
Type: bool
Default: true
renew_before
Description: How long prior to the expiration that certificate renewal will be triggered.
Type: string
Default: "168h0m0s"
sans_enabled
Description: Whether to set SANs in the generated certificate
Type: bool
Default: true
service_names
Description: The names of the Kubernetes service(s) to use for the domain names
Type: list(string)
Default: []
usages
Description: Usages to add to the certificate
Type: list(string)
Default: []
use_cluster_issuer
Description: Whether to use a ClusterIssuer. If false, will use an Issuer.
Type: bool
Default: true
Outputs
The following outputs are exported:
certificate_name
Description: n/a
secret_name
Description: n/a
Usage
No notes