Terraform-provider-kubernetes: New Resource: kubernetes_certificate_signing_request for TLS

Created on 20 May 2019  ·  8 Comments  ·  Source: hashicorp/terraform-provider-kubernetes

We use TLS certificates generated by the K8s CA to secure traffic to several ClusterIP services and trust them within the cluster.

We'd like to manage this from Terraform but would need the CertificateSigningRequest resource to be supported and a method of approving it similar to: kubectl certificate approve.

Perhaps these would be best combined into a single Terraform resource with a boolean toggle option for auto-approval?

Example configuration:

resource "tls_cert_request" "my-service-csr" {
  key_algorithm   = "ECDSA"
  private_key_pem = "${file("private_key.pem")}"

  subject {
    common_name  = "my-service.default.svc.cluster.local"
    organization = "ACME Examples, Inc"
  }
}

resource "kubernetes_certificate_signing_request" "my-cert" {
  name        = "my-cert"
  # Pass the PEM-encoded CSR, not the resource object itself.
  request     = "${tls_cert_request.my-service-csr.cert_request_pem}"
  usages      = ["digital signature", "key encipherment", "server auth"]
  autoapprove = true
}

Relevant Links:


All 8 comments

If it is useful for anyone, this is my current workaround:
https://gist.github.com/irpaglide/3cd093c7f2188a1002afec2734425a8d

Yes, it would be nice to have such a feature.

Currently we have to use a bash script instead of Terraform resources.

Closing since the fix merged. It should be released later this week.

Provider version 1.13 contains a kubernetes_certificate_signing_request resource. But how do I get the actual signed certificate?

The resource has an undocumented certificate attribute.
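Putting the thread together, as an added example that is not from the issue or the provider's documentation: the tls provider generates the key and CSR, the Kubernetes CA signs it through kubernetes_certificate_signing_request with auto_approve, and the signed PEM is taken from the certificate attribute mentioned above and placed in a TLS secret. Service and resource names are constructed; the attribute names follow the resource as shipped in provider 1.13 and later.

```hcl
# Constructed example (assumption): key and CSR for an in-cluster service,
# signed by the cluster CA through the provider's CSR resource.
resource "tls_private_key" "my-service" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

# tls provider 4.x derives the algorithm from the key; 3.x also needs key_algorithm.
resource "tls_cert_request" "my-service" {
  private_key_pem = tls_private_key.my-service.private_key_pem
  subject {
    common_name  = "my-service.default.svc.cluster.local"
    organization = "ACME Examples, Inc"
  }
  # SANs: modern TLS clients ignore common_name and match on these.
  dns_names = [
    "my-service",
    "my-service.default",
    "my-service.default.svc",
    "my-service.default.svc.cluster.local",
  ]
}

resource "kubernetes_certificate_signing_request" "my-service" {
  metadata {
    name = "my-service"
  }
  spec {
    request = tls_cert_request.my-service.cert_request_pem
    usages  = ["digital signature", "key encipherment", "server auth"]
  }
  # Approved in the same apply; the resource waits until the signed
  # certificate has been issued before it completes.
  auto_approve = true
}

# Hand the signed certificate and its key to the workload as a TLS secret.
resource "kubernetes_secret" "my-service-tls" {
  metadata {
    name = "my-service-tls"
  }
  type = "kubernetes.io/tls"
  data = {
    "tls.crt" = kubernetes_certificate_signing_request.my-service.certificate
    "tls.key" = tls_private_key.my-service.private_key_pem
  }
}
```

Both the private key and the signed certificate are recorded in Terraform state, so the state backend needs the same access controls and encryption as the secret itself.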

Closing since this resource has been implemented.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉, please reach out to my human friends 👉 [email protected]. Thanks!
