import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
import { Construct } from "constructs";
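/**
 * Options for {@link PrivateIssuer}.
 *
 * The construct creates a self-signed ClusterIssuer, uses it to issue a CA
 * Certificate whose key pair is stored in `secretName`, and then creates a
 * second ClusterIssuer that signs with that CA.
 */
type PrivateIssuerOptions = {
  /** Kubernetes provider the three manifests are applied through. */
  provider: KubernetesProvider;
  /**
   * Namespace the CA Certificate (and therefore `secretName`) is created in.
   * NOTE(review): a ClusterIssuer of kind `ca` reads its secret from
   * cert-manager's cluster resource namespace (by default `cert-manager`), not
   * from an arbitrary namespace, so this should normally be that namespace —
   * confirm against the cert-manager deployment in use.
   */
  namespace: string;
  /** cert-manager API version used for all three manifests, e.g. `cert-manager.io/v1`. */
  apiVersion: string;
  /** Common name of the self-signed CA certificate. */
  commonName: string;
  /**
   * Secret that receives the CA certificate and private key, and that the
   * CA-backed ClusterIssuer signs with. It is the trust root of this PKI:
   * whoever can read it can issue certificates the clients will trust, so
   * keep RBAC on it tight.
   */
  secretName: string;
  /** Private key parameters for the CA; forwarded verbatim into the Certificate spec. */
  privateKey: {
    algorithm: "RSA" | "ECDSA" | "Ed25519";
    size: number;
  };
  /**
   * `metadata.name` of the self-signed bootstrap ClusterIssuer. ClusterIssuers
   * are cluster-scoped, so two PrivateIssuer instances on the same cluster
   * must use different names. Defaults to `"ca-issuer"`.
   */
  caIssuerName?: string;
  /** `metadata.name` of the CA Certificate (namespaced). Defaults to `"selfsigned-ca"`. */
  caCertificateName?: string;
  /**
   * `metadata.name` of the CA-backed ClusterIssuer (cluster-scoped, see
   * `caIssuerName`). Defaults to `"cluster-issuer"`.
   */
  clusterIssuerName?: string;
};

/**
 * Bootstraps a private PKI with cert-manager:
 *
 * 1. a self-signed `ClusterIssuer` (`caIssuerName`),
 * 2. a CA `Certificate` signed by it, stored in `secretName`, and
 * 3. a `ClusterIssuer` of kind `ca` (`clusterIssuerName`) that signs with that CA.
 *
 * Construct ids and default resource names are unchanged from the original
 * implementation, so existing stacks keep the same Terraform addresses and
 * Kubernetes object names.
 */
export class PrivateIssuer extends Construct {
  constructor(scope: Construct, id: string, options: PrivateIssuerOptions) {
    super(scope, id);

    const {
      provider,
      namespace,
      commonName,
      privateKey,
      secretName,
      apiVersion,
      caIssuerName = "ca-issuer",
      caCertificateName = "selfsigned-ca",
      clusterIssuerName = "cluster-issuer",
    } = options;

    // Self-signed ClusterIssuer, used only to bootstrap the CA certificate.
    this.clusterIssuer("ca-issuer", provider, apiVersion, caIssuerName, {
      selfSigned: {},
    });

    // CA Certificate: isCA marks the key as a signing key; the resulting key
    // pair is written to `secretName` in `namespace`.
    new Manifest(this, "selfsigned-ca", {
      provider,
      manifest: {
        apiVersion,
        kind: "Certificate",
        metadata: {
          name: caCertificateName,
          namespace,
        },
        spec: {
          isCA: true,
          commonName,
          secretName,
          privateKey,
          issuerRef: {
            name: caIssuerName,
            kind: "ClusterIssuer",
            group: "cert-manager.io",
          },
        },
      },
    });

    // CA-backed ClusterIssuer: signs leaf certificates with the key in `secretName`.
    this.clusterIssuer("cluster-issuer", provider, apiVersion, clusterIssuerName, {
      ca: { secretName },
    });
  }

  /**
   * Creates a cluster-scoped cert-manager ClusterIssuer manifest.
   *
   * @param constructId - cdktf construct id; it is part of the Terraform
   *   address, so it must not change for already-deployed stacks
   * @param provider - Kubernetes provider to apply the manifest through
   * @param apiVersion - cert-manager API version for the manifest
   * @param name - `metadata.name` of the ClusterIssuer
   * @param spec - issuer spec, e.g. `{ selfSigned: {} }` or `{ ca: { secretName } }`
   * @returns the created Manifest, for callers that need to depend on it
   */
  private clusterIssuer(
    constructId: string,
    provider: KubernetesProvider,
    apiVersion: string,
    name: string,
    spec: Record<string, unknown>,
  ): Manifest {
    return new Manifest(this, constructId, {
      provider,
      manifest: {
        apiVersion,
        kind: "ClusterIssuer",
        metadata: { name },
        spec,
      },
    });
  }
}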