使用社区提供商的解决方案

• 发现提供者“ k8s”已由原始作者https://github.com/ericchiang/terraform-provider-k8s存档。
  • 但是它已经由https://github.com/banzaicloud/terraform-provider-k8s#argument-reference
  维护

EKS解决方案

• 无需在本地存储k8s对象。
• 使用eks，我们可以配置连接以应用任何类型的资源

provider "k8s" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  load_config_file       = false
}

• 然后，仅使用资源而不创建文件

locals {
  cert_issuer = {
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"
    metadata = {
      name = "letsencrypt-prd"
      #namespace: cert-manager it's cluster level no namespace
    }
    spec = {
      acme = {
        # https://letsencrypt.org/docs/acme-protocol-updates/
        server = "https://acme-v02.api.letsencrypt.org/directory"

        # Email for the cert contact
        email = "contact@${var.domain}"

        # Name of a secret used to store the ACME account private key
        privateKeySecretRef = {
          name = "${var.domain}-private-key-secret"
        }

        # Zone resolvers by Route53 DNS01 challenges
        solvers = [{
          selector = {
            dnsZones = [var.domain]
          }
          dns01 = {
            route53 = {
              region = var.aws_region
              # https://stackoverflow.com/questions/63402926/fetch-zone-id-of-hosted-domain-on-route53-using-terraform/63403290#63403290
              hostedZoneID = data.aws_route53_zone.domain_hosted_zone.zone_id
            }
          }
        }]
      }
    }
  }
}

# creating the cert_manager_cluster_issuer namespace
resource "k8s_manifest" "cert_manager_cluster_issuer" {
  content   = yamlencode(local.cert_issuer)
  namespace = local.cert_manager_namespace

  # depends_on = [local_file.kubeconfig]
}