Resource Definitions
Driver
Capability
Flavor
Resource Type
Tls Cert
This section contains example Resource Definitions using the Template Driver for managing TLS Certificates in your cluster.
certificate-crd.yaml
: Add a certificate custom resource definition in the namespace of your deployment. This format is for use with the Humanitec CLI .
Resource Definitions #
certificate-crd.yaml
(
view on GitHub
)
:
# This Resource Definition creates a certificate custom resource definition,
# which will instruct cert-manager to create a TLS certificate
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
id: certificate-crd
entity:
driver_type: humanitec/template
name: certificate-crd
type: tls-cert
criteria:
- class: default
driver_inputs:
values:
templates:
init: |
tlsSecretName: {{ .id }}-tls
hostName: ${resources.dns.outputs.host}
certificateName: {{ .id }}-cert
manifests: |
certificate-crd.yml:
data:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .init.certificateName }}
spec:
secretName: {{ .init.tlsSecretName }}
duration: 2160h # 90d
renewBefore: 720h # 30d
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
dnsNames:
- {{ .init.hostName | toString | toRawJson }}
# The name of the issuerRef must point to the issuer / clusterIssuer in your cluster
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
location: namespace
outputs: |
tls_secret_name: {{ .init.tlsSecretName }}
certificate-crd.tf
(
view on GitHub
)
:
resource "humanitec_resource_definition" "certificate-crd" {
driver_type = "humanitec/template"
id = "certificate-crd"
name = "certificate-crd"
type = "tls-cert"
driver_inputs = {
values_string = jsonencode({
"templates" = {
"init" = <<END_OF_TEXT
tlsSecretName: {{ .id }}-tls
hostName: $${resources.dns.outputs.host}
certificateName: {{ .id }}-cert
END_OF_TEXT
"manifests" = <<END_OF_TEXT
certificate-crd.yml:
data:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .init.certificateName }}
spec:
secretName: {{ .init.tlsSecretName }}
duration: 2160h # 90d
renewBefore: 720h # 30d
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
dnsNames:
- {{ .init.hostName | toString | toRawJson }}
# The name of the issuerRef must point to the issuer / clusterIssuer in your cluster
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
location: namespace
END_OF_TEXT
"outputs" = "tls_secret_name: {{ .init.tlsSecretName }}\n"
}
})
}
}
resource "humanitec_resource_definition_criteria" "certificate-crd_criteria_0" {
resource_definition_id = resource.humanitec_resource_definition.certificate-crd.id
class = "default"
}