Merge pull request #37 from Olivierwenger/feature/add-tls
added letsencrypt with http challenge configuration for traefik
commit
87e6ac43f3
8
main.tf
8
main.tf
@ -166,9 +166,11 @@ resource "local_file" "hetzner_csi_config" {
|
|||||||
|
|
||||||
resource "local_file" "traefik_config" {
|
resource "local_file" "traefik_config" {
|
||||||
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
||||||
lb_disable_ipv6 = var.lb_disable_ipv6
|
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||||
lb_server_type = var.lb_server_type
|
lb_server_type = var.lb_server_type
|
||||||
location = var.location
|
location = var.location
|
||||||
|
traefik_acme_tls = var.traefik_acme_tls
|
||||||
|
traefik_acme_email = var.traefik_acme_email
|
||||||
})
|
})
|
||||||
filename = "${path.module}/templates/rendered/traefik_config.yaml"
|
filename = "${path.module}/templates/rendered/traefik_config.yaml"
|
||||||
file_permission = "0644"
|
file_permission = "0644"
|
||||||
|
@ -24,3 +24,8 @@ spec:
|
|||||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
%{ if traefik_acme_tls ~}
|
||||||
|
- "--certificatesresolvers.le.acme.tlschallenge=true"
|
||||||
|
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
|
||||||
|
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
|
||||||
|
%{ endif ~}
|
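Review bot: The resolver added inside the `%{ if traefik_acme_tls ~}` block keeps its state in `/data/acme.json`, and nothing visible in this hunk ensures that path is on a persistent volume with restrictive permissions. That file holds the ACME account key and the private keys of the issued certificates, so if `/data` is ephemeral every Traefik restart requests new certificates and can hit the Let's Encrypt rate limits. A comment above the storage argument would help, for example `# /data must be a persistent volume; acme.json holds private keys and should be mode 0600`. The commit title says HTTP challenge while the flag set here is `acme.tlschallenge=true`, which only works if the load balancer passes port 443 through to Traefik without terminating TLS. The proxy-protocol arguments above suggest that setup, but the rest of the manifest lies outside the hunk.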
@ -25,3 +25,7 @@ agents_num = 2
|
|||||||
# that is probably the more "vanilla" option to keep these components always updated.
|
# that is probably the more "vanilla" option to keep these components always updated.
|
||||||
# hetzner_ccm_containers_latest = true
|
# hetzner_ccm_containers_latest = true
|
||||||
# hetzner_csi_containers_latest = true
|
# hetzner_csi_containers_latest = true
|
||||||
|
|
||||||
|
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||||
|
# traefik_acme_tls = true
|
||||||
|
# traefik_acme_email = "mail@example.com"
|
||||||
|
13
variables.tf
13
variables.tf
@ -78,3 +78,16 @@ variable "hetzner_csi_containers_latest" {
|
|||||||
default = false
|
default = false
|
||||||
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
|
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "traefik_acme_tls" {
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
description = "Wheter to include the TLS configuration with the Traefik configuration"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "traefik_acme_email" {
|
||||||
|
type = string
|
||||||
|
default = false
|
||||||
|
description = "Email used to recieved expiration notice for certificate"
|
||||||
|
}
|
||||||
|
|
||||||
|
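Review bot: `traefik_acme_email` is declared `type = string` but given `default = false`, so when `traefik_acme_tls` is enabled without an address the template would presumably render `acme.email=false` and attempt ACME registration with an invalid contact. Use `default = ""` (or `null`) and add a `validation` block that accepts only the empty string or a value containing `@`, or at least state in the description that the variable is required when `traefik_acme_tls = true`. The main.tf hunk passes the value straight into the template, so nothing downstream catches it. The two descriptions also carry typos and would read better as `"Whether to include the TLS configuration with the Traefik configuration"` and `"Email used to receive expiration notices for certificates"`.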