Home > database >  Passing certificate arn to ingress annotation using Terraform
Passing certificate arn to ingress annotation using Terraform

Time:10-12

Background

Hi all, Terraform newbie here.

I'm trying to poll an existing AWS certificate ARN and use that value in my ingress.tf file ingress object annotation.

As a first step, I tried to poll the value using the below terraform code:

  # get-certificate-arn.tf
  data "aws_acm_certificate" "test" {
  domain   = "test.example.com"
  statuses = ["ISSUED"]
  }
  output "test" {
  value = data.aws_acm_certificate.test.*.arn
  description = "TESTING"
  }

When I run this code, it gives me my certificate ARN back (YEY!) like the example below:

Changes to Outputs:
    debugging = [
        [
            "arn:aws:acm:us-east-1:1234567890:certificate/12345abc-123-456-789def-12345etc",
]

Question:

I'd like to take this to the next level and use the output from above to feed the ingress annotations as shown by "???" in the code below:

# ingress.tf
resource "kubernetes_ingress_v1" "test_ingress" {
  metadata {
    name      = "test-ingress"
    namespace = "default"

    annotations = {
      "alb.ingress.kubernetes.io/certificate-arn"      = ????
      ...etc...
    }
  }

I've tried: "alb.ingress.kubernetes.io/certificate-arn" = data.aws_acm_certificate.test.*.arn which doesn't work but I can't quite figure out how to pass the value from the get-certificate-arn.tf "data.aws_acm_certificate.test.arn" to the ingress.tf file.

The error I get is:

Error: Incorrect attribute value type
│
│   on ingress.tf line 6, in resource "kubernetes_ingress_v1" "test_ingress":
│    6:     annotations = {
│    9:       "alb.ingress.kubernetes.io/certificate-arn"      = data.aws_acm_certificate.test.*.arn
        [...truncated...]
│   16:     }
│     ├────────────────
│     │ data.aws_acm_certificate.test is object with 11 attributes
│
│ Inappropriate value for attribute "annotations": element "alb.ingress.kubernetes.io/certificate-arn": string required.

If anyone could advise how (IF?!) one can pass a variable to kubernetes_ingress_v1 'annotations' that would be amazing. I'm still learning Terraform and am still reviewing the fundamentals of passing variables around.

CodePudding user response:

Have you tried maybe using :

"${data.aws_acm_certificate.test.arn}"

or alternatively you can build the whole annotations block as a local

local{
 ingress_annotations = {
   somekey  = somevalue
   some_other_key  = data.aws_acm_certificate.test.arn
}

and using it in the resource

annotations = local.ingress_annotations

I'm not that keen on TF but you might need to have a more complex setup with a for loop.

local{
 ingress_annotations = [
   {key  = value } ,{key = data.aws_acm_certificate.test.arn}
   ]
}

resource "kubernetes_ingress_v1" "test_ingress" {
  metadata {
    name      = "test-ingress"
    namespace = "default"

    annotations = {for line in local.ingress_annotations : line.key => line.value
    }
  }

CodePudding user response:

In the end, the solution was a typo in the data field, removing the "*" resolved the issue. For interests sake, if you want to combine two certificates to an ingress annotation you can join them as shown here[1]:

"alb.ingress.kubernetes.io/certificate-arn"      = format("%s,%s",data.aws_acm_certificate.test.arn,data.aws_acm_certificate.test2.arn)

Page link:https//www.codepudding.com/database/573649.html

Prev:Terraform read single-item list
Next:How to merge new field value to an existing firestore document with flutter?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding