khuedoan-homelab/external/cert_manager.tf

resource "cloudflare_api_token" "cert_manager" {
  name = "homelab_cert_manager"

  policy {
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],
      data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]
    ]
    resources = {
      "com.cloudflare.api.account.zone.*" = "*"
    }
  }

  condition {
    request_ip {
      in = local.public_ips
    }
  }
}

resource "kubernetes_secret" "cert_manager_token" {
  metadata {
    name      = "cloudflare-api-token"
    namespace = "cert-manager"
  }

  data = {
    "api-token" = cloudflare_api_token.cert_manager.value
  }
}
refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00			`resource "cloudflare_api_token" "cert_manager" {`
			`name = "homelab_cert_manager"`

			`policy {`
			`permission_groups = [`
			`data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],`
			`data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]`
			`]`
			`resources = {`
			`"com.cloudflare.api.account.zone." = ""`
			`}`
			`}`

			`condition {`
			`request_ip {`
			`in = local.public_ips`
			`}`
			`}`
			`}`

			`resource "kubernetes_secret" "cert_manager_token" {`
			`metadata {`
			`name = "cloudflare-api-token"`
			`namespace = "cert-manager"`
			`}`

			`data = {`
			`"api-token" = cloudflare_api_token.cert_manager.value`
			`}`
			`}`