I am attempting to use terraform to auto deploy certs through lets encrypt. I am struggling to connect the dots.
I see this link, (https://www.terraform.io/docs/providers/acme/index.html) but the example is actually passing in an Account Key and a Private key. I actually want terraform to setup a cert-manager in my GKE and go get the cert.
```hcl
provider "acme" {
  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}

resource "acme_registration" "reg" {
  account_key_pem = "${tls_private_key.private_key.private_key_pem}"
  email_address   = "nobody@example.com"
}

resource "acme_certificate" "certificate" {
  account_key_pem           = "${acme_registration.reg.account_key_pem}"
  common_name               = "www.example.com"
  subject_alternative_names = ["www2.example.com"]

  dns_challenge {
    provider = "route53"
  }
}
```
I also see this (https://www.terraform.io/docs/providers/acme/dns_providers/godaddy.html) that I can provide a DNS Challenge (Domain was purchased through godaddy). I don’t see any way to get a hold of the cert and store it in my cloud (ideally as a K8s secret).
```hcl
resource "acme_certificate" "certificate" {
  ...
  dns_challenge {
    provider = "godaddy"
  }
}
```
My goal (assuming that I am thinking straight) is that terraform can setup the cert manager and begin the challenge question. On success a new cert will be created and stored as a K8s secret.
Is this possible? Am I thinking straight?
Thank you.
Craig
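One way to close the gap the post describes, as an added example that is not part of the original post and not taken from the provider documentation it links: the ACME provider obtains the certificate through a GoDaddy DNS challenge, and the Kubernetes provider writes the resulting PEMs into GKE as a `kubernetes.io/tls` Secret, so no cert-manager is involved. Assumed are Terraform 0.12+ syntax, an existing GKE cluster named `my-cluster` in `us-central1`, the `default` namespace, the Secret name `www-example-com-tls`, and GoDaddy API credentials supplied to the lego GoDaddy provider through the `GODADDY_API_KEY` and `GODADDY_API_SECRET` environment variables.

```hcl
# Added example (not from the original post): issue a Let's Encrypt certificate
# with the ACME provider using a GoDaddy DNS challenge, then store it in GKE as
# a kubernetes.io/tls Secret. Assumed names: GKE cluster "my-cluster" in
# "us-central1", namespace "default", and GoDaddy credentials passed via the
# GODADDY_API_KEY / GODADDY_API_SECRET environment variables.

provider "acme" {
  # Staging issues certificates browsers do not trust; switch to
  # https://acme-v02.api.letsencrypt.org/directory once the flow works.
  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

resource "tls_private_key" "account_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.account_key.private_key_pem
  email_address   = "nobody@example.com"
}

resource "acme_certificate" "cert" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = "www.example.com"
  subject_alternative_names = ["www2.example.com"]

  # Re-issue on the next apply once fewer than 30 days of validity remain.
  min_days_remaining = 30

  dns_challenge {
    provider = "godaddy"
    # Credentials are read from GODADDY_API_KEY / GODADDY_API_SECRET in the
    # environment that runs terraform; they are never written into this file.
  }
}

# Assumed: an existing GKE cluster, looked up by name and location.
data "google_client_config" "current" {}

data "google_container_cluster" "gke" {
  name     = "my-cluster"
  location = "us-central1"
}

provider "kubernetes" {
  host  = "https://${data.google_container_cluster.gke.endpoint}"
  token = data.google_client_config.current.access_token
  cluster_ca_certificate = base64decode(
    data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate
  )
}

resource "kubernetes_secret" "tls" {
  metadata {
    name      = "www-example-com-tls"
    namespace = "default"
  }

  type = "kubernetes.io/tls"

  data = {
    # Full chain: leaf certificate followed by the issuing intermediate.
    "tls.crt" = "${acme_certificate.cert.certificate_pem}${acme_certificate.cert.issuer_pem}"
    "tls.key" = acme_certificate.cert.private_key_pem
  }
}
```

Two points worth knowing before running this: the certificate's private key and the ACME account key both pass through Terraform state, so keep that state in an encrypted remote backend with tightly restricted access rather than on a laptop; and renewal happens only when `terraform apply` runs after `min_days_remaining` is crossed, so the apply needs to be scheduled (or the Secret handed to a controller) if the certificate must renew unattended.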