Add cert-manager initial commit.

src/_nebari/stages/kubernetes_ingress/__init__.py

@@ -198,6 +198,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
                 **self.config.ingress.terraform_overrides,
             },
             **cert_details,
+            "domain": self.config.domain
         }
 
     def set_outputs(

src/_nebari/stages/kubernetes_ingress/template/main.tf

@@ -14,4 +14,5 @@ module "kubernetes-ingress" {
   load-balancer-annotations = var.load-balancer-annotations
   load-balancer-ip          = var.load-balancer-ip
   additional-arguments      = var.additional-arguments
+  domain                    = var.domain
 }

src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/main.tf

@@ -374,3 +374,52 @@ resource "kubernetes_manifest" "tlsstore_default" {
     }
   }
 }
+
+resource "kubernetes_manifest" "clusterissuer" {
+  manifest = {
+    "apiVersion" = "cert-manager.io/v1"
+    "kind"       = "ClusterIssuer"
+    "metadata" = {
+      "name" = "cert-manager-cluster-issuer"
+    }
+    "spec" = {
+      "acme" : {
+        "server" = var.acme-server
+        "email"  = var.acme-email
+        "privateKeySecretRef" = {
+          "name" = "letsencrypt-prod"
+        }
+        "solvers" = [{
+          "http01" = {
+            "ingress" = {
+              "class" = "traefik"
+            }
+          }
+        }]
+      }
+    }
+  }
+}
+
+
+resource "kubernetes_manifest" "certificate_local_nebari_dev" {
+  manifest = {
+    "apiVersion" = "cert-manager.io/v1"
+    "kind"       = "Certificate"
+    "metadata" = {
+      "name"      = "nlb-lab-tls-cert"
+      "namespace" = var.namespace
+    }
+    "spec" = {
+      "commonName" = var.domain
+      "secretName" = "tls-ingress-http"
+      "issuerRef" = {
+        "name" = "cert-manager-cluster-issuer"
+        "kind" = "ClusterIssuer"
+      }
+      "dnsNames" = [
+        var.domain
+      ]
+    }
+  }
+}

src/_nebari/stages/kubernetes_ingress/template/modules/kubernetes/ingress/variables.tf

@@ -73,3 +73,9 @@ variable "additional-arguments" {
   type        = list(string)
   default     = []
 }
+
+variable "domain" {
+  description = "Domain name."
+  type        = string
+  default     = null
+}

src/_nebari/stages/kubernetes_ingress/template/variables.tf

@@ -69,3 +69,9 @@ variable "additional-arguments" {
   type        = list(string)
   default     = []
 }
+
+variable "domain" {
+  description = "Domain name."
+  type        = string
+  default     = null
+}

src/_nebari/stages/kubernetes_initialize/template/main.tf

@@ -5,6 +5,11 @@ module "kubernetes-initialization" {
   secrets   = []
 }
 
+module "cert-manager" {
+  source    = "./modules/cert-manager"
+  namespace = var.environment
+}
+
 module "kubernetes-autoscaling" {
   count = var.cloud_provider == "aws" ? 1 : 0
 

src/_nebari/stages/kubernetes_initialize/template/modules/cert-manager/main.tf

@@ -0,0 +1,12 @@
+resource "helm_release" "cert-manager" {
+  name       = "cert-manager"
+  namespace  = var.namespace
+  repository = "https://charts.jetstack.io"
+  chart      = "cert-manager"
+  version    = "v1.14.5"
+  set {
+    name  = "installCRDs"
+    value = "true"
+  }
+}
+

src/_nebari/stages/kubernetes_initialize/template/modules/cert-manager/values.yaml

@@ -0,0 +1,2 @@
+installCRDs: true
+replicaCount: 1

src/_nebari/stages/kubernetes_initialize/template/modules/cert-manager/variables.tf

@@ -0,0 +1,10 @@
+variable "namespace" {
+  description = "Namespace for helm chart resource"
+  type        = string
+}
+
+variable "overrides" {
+  description = "Helm overrides to apply"
+  type        = list(string)
+  default     = []
+}