cert-manager
Terraform module for Kubernetes

cert-manager provides Kubernetes native certificate management. It automates provisioning of certificates from configurable issuers and renews these certificates before expiry to keep them valid and up to date.

This Terraform module provisions cert-manager on Kubernetes. It fully integrates the Kubernetes resources into the Terraform workflow and allows configuring cert-manager using native Terraform syntax.

The cert-manager module is continuously updated and tested when new upstream versions are released.

TL;DR:

  • Call the module once per desired target cluster.
  • The provider alias you pass into the module determines the cluster.
  • Customize the Kubernetes resources per environment using Terraform syntax.

Use the module

To provision the cert-manager Terraform module on a Kubernetes cluster, call the module, set source and version, and pass an aliased kustomization provider into the module. The provider configuration determines what cluster the Kuberneters resources are provisioned on. Framework documentation includes a complete example of how the kubeconfig output of a cluster module can be used to configure a kustomization provider alias.

module "eks_zero_cert_manager" {
providers = {
kustomization = kustomization.eks_zero
}
source = "kbst.xyz/catalog/cert-manager/kustomization"
version = "1.10.0-kbst.1"
}
module "aks_zero_cert_manager" {
providers = {
kustomization = kustomization.aks_zero
}
source = "kbst.xyz/catalog/cert-manager/kustomization"
version = "1.10.0-kbst.1"
}
module "gke_zero_cert_manager" {
providers = {
kustomization = kustomization.gke_zero
}
source = "kbst.xyz/catalog/cert-manager/kustomization"
version = "1.10.0-kbst.1"
}

Customize resources

All Kubestack cluster service modules support the same module attributes and per environment configuration. The module configuration is a Kustomization set in the per environment configuration map following Kubestack's inheritance model.

This example overwrites the metadata.namespace of all Kubernetes resources provisioned by the cert-manager module using a Terraform variable.

module "example_cert_manager" {
providers = {
kustomization = kustomization.example
}
source = "kbst.xyz/catalog/cert-manager/kustomization"
version = "1.10.0-kbst.1"
configuration = {
apps = {
namespace = var.example_cert_manager_namespace
}
ops = {}
loc = {}
}
}

Full documentation how to customize a module's Kubernetes resources is available in the cluster service module configuration section of the framework documentation.