From 0186791280cde84a335d5e2b631582c94f79c729 Mon Sep 17 00:00:00 2001
From: Simon Emms
Date: Fri, 1 Nov 2024 16:30:08 +0000
Subject: [PATCH] feat: provide the cert-issuer as a variable
---
 modules/kubernetes/README.md | 1 +
 modules/kubernetes/argocd.tf | 3 ++-
 modules/kubernetes/files/argocd.yaml | 2 +-
 modules/kubernetes/variables.tf | 6 ++++++
 stacks/prod/kubernetes/terragrunt.hcl | 1 +
 5 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md
index 2d02858..7ae8508 100644
--- a/modules/kubernetes/README.md
+++ b/modules/kubernetes/README.md
@@ -38,6 +38,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [argocd\_version](#input\_argocd\_version) | Version of ArgoCD to use - defaults to latest | `string` | `null` | no |
+| [cluster\_issuer](#input\_cluster\_issuer) | Cluster issuer to use for certificate | `string` | `"letsencrypt-staging"` | no |
 | [domain](#input\_domain) | Domain to use - this may be a top-level or subdomain | `string` | n/a | yes |
 | [hcloud\_network\_name](#input\_hcloud\_network\_name) | Name of the network | `string` | n/a | yes |
 | [hcloud\_token](#input\_hcloud\_token) | Write token for the Hetzner API | `string` | n/a | yes |
diff --git a/modules/kubernetes/argocd.tf b/modules/kubernetes/argocd.tf
index 0988b18..6ccadf8 100644
--- a/modules/kubernetes/argocd.tf
+++ b/modules/kubernetes/argocd.tf
@@ -28,7 +28,8 @@ resource "helm_release" "argocd" {
 values = [
 templatefile("${path.module}/files/argocd.yaml", {
- domain = "argocd.${var.domain}"
+ cluster_issuer = var.cluster_issuer
+ domain = "argocd.${var.domain}"
 })
 ]
 }
diff --git a/modules/kubernetes/files/argocd.yaml b/modules/kubernetes/files/argocd.yaml
index 29f4242..49274e7 100644
--- a/modules/kubernetes/files/argocd.yaml
+++ b/modules/kubernetes/files/argocd.yaml
@@ -17,7 +17,7 @@ server:
 nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 nginx.ingress.kubernetes.io/backend-protocol: HTTP
 kubernetes.io/tls-acme: "true"
- cert-manager.io/cluster-issuer: letsencrypt
+ cert-manager.io/cluster-issuer: ${cluster_issuer}
 tls: true
 extraTLS:
 - hosts:
diff --git a/modules/kubernetes/variables.tf b/modules/kubernetes/variables.tf
index fce7229..2d97652 100644
--- a/modules/kubernetes/variables.tf
+++ b/modules/kubernetes/variables.tf
@@ -18,6 +18,12 @@ variable "argocd_version" {
 default = null
 }
+variable "cluster_issuer" {
+ type = string
+ description = "Cluster issuer to use for certificate"
+ default = "letsencrypt-staging"
+}
+
 variable "domain" {
 type = string
 description = "Domain to use - this may be a top-level or subdomain"
diff --git a/stacks/prod/kubernetes/terragrunt.hcl b/stacks/prod/kubernetes/terragrunt.hcl
index a92f424..b5bf1dd 100644
--- a/stacks/prod/kubernetes/terragrunt.hcl
+++ b/stacks/prod/kubernetes/terragrunt.hcl
@@ -32,6 +32,7 @@ dependency "hetzner" {
 }
 inputs = {
+ cluster_issuer = "letsencrypt"
 domain = "prod.simonemms.com"
 hcloud_network_name = dependency.hetzner.outputs.hcloud_network_name
 k3s_cluster_cidr = dependency.hetzner.outputs.k3s_cluster_cidr
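Review bot: The new `${cluster_issuer}` value on the `cert-manager.io/cluster-issuer` annotation is interpolated into the YAML unquoted, so a value containing `: `, ` #` or a line break would alter the structure of the Helm values instead of only naming an issuer. Quote it in the template, `cert-manager.io/cluster-issuer: "${cluster_issuer}"`, and preferably also restrict the variable in variables.tf to a valid resource name so nothing else can reach this line. The `server:` block starts and ends outside the hunk, so the remaining annotations are not covered by this note.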
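Review bot: `cluster_issuer` defaults to `letsencrypt-staging`, while the template previously hard-coded `letsencrypt`, so any caller that does not set the input silently switches issuer; going by its name the default points at the Let's Encrypt staging CA, whose certificates browsers do not trust, and only the prod stack in this patch sets the value. The variable also accepts any string even though it ends up in a YAML annotation. Either drop the default so each stack has to choose explicitly, or keep it and add a validation block that limits the value to a Kubernetes resource name. The description could also state that the name must match a cert-manager ClusterIssuer that already exists in the cluster.

```hcl
variable "cluster_issuer" {
  # … unchanged: type, description, default …

  validation {
    condition     = can(regex("^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$", var.cluster_issuer))
    error_message = "cluster_issuer must be a valid Kubernetes resource name: lowercase letters, digits, '-' and '.'."
  }
}
```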