From ae7e0210bf4abf684376854000d85d75b5cebe2e Mon Sep 17 00:00:00 2001 From: Bayron Carranza Date: Fri, 18 Feb 2022 05:58:55 -0600 Subject: [PATCH] Certificate on-demand in istio-gateway and new input params gateway hosts and credentialName (#255) --- .../main-gateway/gateway.tpl.yaml | 5 ++--- .../aws/istio-networking/main-gateway/main.tf | 6 +++++- .../main-gateway/variables.tf | 20 ++++++++++++++++++- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/terraform-modules/aws/istio-networking/main-gateway/gateway.tpl.yaml b/terraform-modules/aws/istio-networking/main-gateway/gateway.tpl.yaml index 3673e544c..16ddbc676 100644 --- a/terraform-modules/aws/istio-networking/main-gateway/gateway.tpl.yaml +++ b/terraform-modules/aws/istio-networking/main-gateway/gateway.tpl.yaml @@ -13,14 +13,13 @@ spec: number: 80 name: http protocol: HTTP - hosts: - - "*" + host: ${gateway_hosts} - port: number: 443 name: https protocol: HTTPS tls: mode: SIMPLE - credentialName: domain-wildcard # This should match the Certificate secretName + credentialName: ${gateway_credentialName} # This should match the Certificate secretName hosts: - "*" # This should match a DNS name in the Certificate diff --git a/terraform-modules/aws/istio-networking/main-gateway/main.tf b/terraform-modules/aws/istio-networking/main-gateway/main.tf index d9b19484e..6b17e5d54 100644 --- a/terraform-modules/aws/istio-networking/main-gateway/main.tf +++ b/terraform-modules/aws/istio-networking/main-gateway/main.tf @@ -15,6 +15,8 @@ data "template_file" "gateway" { vars = { namespace = var.namespace + gateway_hosts = "${jsonencode(var.gateway_hosts)}" + gateway_credentialName = var.gateway_credentialName } } @@ -24,6 +26,7 @@ resource "kubectl_manifest" "gateway" { # file templating data "template_file" "certificate" { + count = var.enable_certificate ? 1 : 0 template = file("${path.module}/certificate.tpl.yaml") vars = { 
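Review bot: The replacement line for the port-80 server uses the singular `host: ${gateway_hosts}`, but the Istio Gateway Server field is the plural `hosts` (the removed lines were `hosts:` / `- "*"`), so the rendered manifest carries an unknown key and the HTTP server is left without any hosts, which Istio's validation rejects as far as I can tell. Because `gateway_hosts` is rendered with jsonencode it arrives as a JSON array, which YAML accepts as a flow sequence under the list field, so `hosts: ${gateway_hosts}` is enough. The HTTPS server a few lines below keeps its literal `hosts:` / `- "*"`, so the new variable narrows only the plaintext listener while the TLS listener still accepts any host; rendering `hosts: ${gateway_hosts}` there too keeps both servers consistent with the "should match a DNS name in the Certificate" comment. The enclosing `servers:` list opens before the hunk.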
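Review bot: `gateway_hosts = "${jsonencode(var.gateway_hosts)}"` wraps the expression in an interpolation-only string, which Terraform 0.12+ reports as deprecated; the bare expression `gateway_hosts = jsonencode(var.gateway_hosts)` produces the same string value. The neighbouring `namespace = var.namespace` line already uses the bare form, so this also keeps the `vars` map consistent. The enclosing `data "template_file" "gateway"` block opens before the hunk.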
@@ -38,5 +41,6 @@ data "template_file" "certificate" { } resource "kubectl_manifest" "certificate" { - yaml_body = data.template_file.certificate.rendered + count = var.enable_certificate ? 1 : 0 + yaml_body = data.template_file.certificate[0].rendered } diff --git a/terraform-modules/aws/istio-networking/main-gateway/variables.tf b/terraform-modules/aws/istio-networking/main-gateway/variables.tf index 8b123e7d0..9daa85a5c 100644 --- a/terraform-modules/aws/istio-networking/main-gateway/variables.tf +++ b/terraform-modules/aws/istio-networking/main-gateway/variables.tf @@ -28,7 +28,13 @@ variable "cert_dns_name" { type = string description = "The dns name for the certificate" } - + +variable "enable_certificate" { + type = bool + description = "If set to true, it will create the certificate resource on-demand" + default = true +} + variable "issue_ref_name" { default = "letsencrypt-prod-dns01" } @@ -39,4 +45,16 @@ variable "issue_ref_kind" { variable "issue_ref_group" { default = "cert-manager.io" +} + +variable "gateway_hosts" { + type = list(string) + description = "the list of hosts available for the gateway" + default = ["*"] +} + +variable "gateway_credentialName" { + type = string + description = "This is the gateway matches the secretName field in the certificate" + default = "domain-wildcard" } \ No newline at end of file
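Review bot: With `count = var.enable_certificate ? 1 : 0` the Certificate resource becomes optional, but nothing in the module then asserts that a TLS secret named `var.gateway_credentialName` exists in the gateway's namespace; the Gateway manifest still references it, so opting out without a pre-provisioned secret leaves the HTTPS server without a serving certificate until one appears. A comment above the resource would make that contract explicit, e.g. `# When enable_certificate is false the caller must pre-provision the TLS secret named var.gateway_credentialName in the gateway namespace (the Certificate's secretName).` The same caveat belongs in the description of `enable_certificate` added in the variables.tf hunk.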
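Review bot: The description of `gateway_credentialName` reads "This is the gateway matches the secretName field in the certificate", which does not parse; something like `description = "Name of the TLS secret the gateway's HTTPS server references; must match the Certificate's secretName"` states the contract. The variable name is also the only camelCase identifier among the module's snake_case inputs (`cert_dns_name`, `issue_ref_name`, `enable_certificate`); `gateway_credential_name` would follow the file's convention, at the cost of updating the template var in main.tf and any caller. The default `["*"]` for `gateway_hosts` matches any host, presumably as a drop-in for the removed literal; the description should say so, e.g. `description = "Hosts the gateway servers accept (Istio Gateway hosts entries); the default \"*\" matches any host"`.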