added letsencrypt configuration for traefik
parent
5384643866
commit
285e115475
8
main.tf
8
main.tf
@ -166,9 +166,11 @@ resource "local_file" "hetzner_csi_config" {
|
||||
|
||||
resource "local_file" "traefik_config" {
|
||||
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
||||
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||
lb_server_type = var.lb_server_type
|
||||
location = var.location
|
||||
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||
lb_server_type = var.lb_server_type
|
||||
location = var.location
|
||||
traefik_acme_tls = var.traefik_acme_tls
|
||||
traefik_acme_email = var.traefik_acme_email
|
||||
})
|
||||
filename = "${path.module}/templates/rendered/traefik_config.yaml"
|
||||
file_permission = "0644"
|
||||
|
@ -24,3 +24,9 @@ spec:
|
||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
%{ if traefik_acme_tls ~}
|
||||
- "--certificatesresolvers.le.acme.httpchallenge=true"
|
||||
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
|
||||
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
|
||||
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
|
||||
%{ endif ~}
|
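Review bot: The resolver keeps its state in `/data/acme.json`, and nothing visible in this hunk shows `/data` being backed by a persistent volume; the spec continues outside the hunk, so it may be defined there. That file holds the ACME account key and the private keys of the issued certificates, so it should sit on persistent storage readable only by the Traefik process (Traefik expects mode 600 on it). On ephemeral storage every pod restart requests new certificates and can run into the Let's Encrypt rate limits. While testing, pointing the resolver at the staging directory with `--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory` avoids using up the production quota.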
@ -25,3 +25,7 @@ agents_num = 2
|
||||
# that is probably the more "vanilla" option to keep these components always updated.
|
||||
# hetzner_ccm_containers_latest = true
|
||||
# hetzner_csi_containers_latest = true
|
||||
|
||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||
# traefik_acme_tls = true
|
||||
# traefik_acme_email = "mail@example.com"
|
||||
|
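Review bot: The example comment says "tls Challenge", but the template in this commit enables `httpchallenge` on the `web` entrypoint, so an operator reading it would not know that port 80 must stay reachable from the Internet for issuance and renewal. I would word it as `# Let Traefik obtain Let's Encrypt certificates via the HTTP-01 challenge (port 80 must be publicly reachable); the email address receives certificate expiration notices`.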
13
variables.tf
13
variables.tf
@ -78,3 +78,16 @@ variable "hetzner_csi_containers_latest" {
|
||||
default = false
|
||||
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
|
||||
}
|
||||
|
||||
variable "traefik_acme_tls" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Wheter to include the TLS configuration with the Traefik configuration"
|
||||
}
|
||||
|
||||
variable "traefik_acme_email" {
|
||||
type = string
|
||||
default = false
|
||||
description = "Email used to recieved expiration notice for certificate"
|
||||
}
|
||||
|
||||
|
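Review bot: `traefik_acme_email` is declared `type = string` with `default = false`, which Terraform converts to the string "false". With `traefik_acme_tls = true` and no email set, the template would then render `acme.email=false` and the problem would only surface at certificate issuance. An empty default plus a validation block catches a malformed address at plan time. The case "TLS enabled but email empty" still needs a check where both variables are visible. The descriptions also contain typos ("Wheter", "recieved"), and the `traefik_acme_tls` description could say that it enables the ACME HTTP-challenge resolver rather than "the TLS configuration".
```hcl
variable "traefik_acme_email" {
  type        = string
  default     = ""
  description = "Email address that receives certificate expiration notices"

  validation {
    condition     = var.traefik_acme_email == "" || can(regex("^[^@\\s]+@[^@\\s]+$", var.traefik_acme_email))
    error_message = "The traefik_acme_email value must be empty or an email address."
  }
}
```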