hermannolafs · October 29, 2024 14:45 · hermannolafs · Oct 15, 2024
diff --git a/main.tf b/main.tf

 # It's recommended to install this before the chart
 # This is part of bootstrapping a cluster, 
 # but you probably should not be doing it this way, dingus
 data "http" "cm_crds" {
    url = "https://github.com/cert-manager/cert-manager/releases/download/v${var.cert_manager_version}/cert-manager.crds.yaml"
 }

 locals {
    crd_map = {
        # We do this to avoid the whole manifest being the key in the resource list below, leading to
        # insane output. This instead means the name of the crd becomes the key.
        # This is absolutely not the most efficient way to do this, but neither is downloading the crd 
        # like we do above and splitting it up like we do here.
        for crd in split("\n---\n", data.http.cm_crds.response_body) : yamldecode(crd).metadata.name => yamldecode(crd)
    }
 }

 resource "kubernetes_manifest" "cm_crds" {
    depends_on = [ 
        azurerm_kubernetes_cluster.this,
    ]

    for_each = local.crd_map

    lifecycle {
      precondition {
        condition = data.http.cm_crds.status_code == 200
        error_message = "Failed fetching Cert Manager CRDs at data.http.cm_crds"
      }
    }

    manifest = each.value
 }

 resource "kubernetes_namespace" "cm" {
    depends_on = [
        data.http.cm_crds,
        kubernetes_manifest.cm_crds
    ]

    metadata {
        name = "cert-manager"
    }
 }

 resource "helm_release" "cert_manager" {
    depends_on = [ kubernetes_namespace.cm ]

    name = "cert-manager"
    repository = "https://charts.jetstack.io"
    chart = "cert-manager"
    version = var.cert_manager_version
    namespace = resource.kubernetes_namespace.cm.id
 }

	# It's recommended to install this before the chart
	# This is part of bootstrapping a cluster,
	# but you probably should not be doing it this way, dingus
	data "http" "cm_crds" {
	url = "https://github.com/cert-manager/cert-manager/releases/download/v${var.cert_manager_version}/cert-manager.crds.yaml"
	}

	locals {
	crd_map = {
	# We do this to avoid the whole manifest being the key in the resource list below, leading to
	# insane output. This instead means the name of the crd becomes the key.
	# This is absolutely not the most efficient way to do this, but neither is downloading the crd
	# like we do above and splitting it up like we do here.
	for crd in split("\n---\n", data.http.cm_crds.response_body) : yamldecode(crd).metadata.name => yamldecode(crd)
	}
	}

	resource "kubernetes_manifest" "cm_crds" {
	depends_on = [
	azurerm_kubernetes_cluster.this,
	]

	for_each = local.crd_map

	lifecycle {
	precondition {
	condition = data.http.cm_crds.status_code == 200
	error_message = "Failed fetching Cert Manager CRDs at data.http.cm_crds"
	}
	}

	manifest = each.value
	}

	resource "kubernetes_namespace" "cm" {
	depends_on = [
	data.http.cm_crds,
	kubernetes_manifest.cm_crds
	]

	metadata {
	name = "cert-manager"
	}
	}

	resource "helm_release" "cert_manager" {
	depends_on = [ kubernetes_namespace.cm ]

	name = "cert-manager"
	repository = "https://charts.jetstack.io"
	chart = "cert-manager"
	version = var.cert_manager_version
	namespace = resource.kubernetes_namespace.cm.id
	}