
Passing certificate arn to ingress annotation using Terraform


Background

Hi all, Terraform newbie here.

I'm trying to poll an existing AWS certificate ARN and use that value in my ingress.tf file ingress object annotation.

As a first step, I tried to poll the value using the below terraform code:

  # get-certificate-arn.tf
  data "aws_acm_certificate" "test" {
    domain   = "test.example.com"
    statuses = ["ISSUED"]
  }

  output "test" {
    value       = data.aws_acm_certificate.test.*.arn
    description = "TESTING"
  }

When I run this code, it gives me my certificate ARN back (YEY!) like the example below:

Changes to Outputs:
  + debugging = [
      + [
          + "arn:aws:acm:us-east-1:1234567890:certificate/12345abc-123-456-789def-12345etc",
]

Question:

I'd like to take this to the next level and use the output from above to feed the ingress annotations as shown by "???" in the code below:

# ingress.tf
resource "kubernetes_ingress_v1" "test_ingress" {
  metadata {
    name      = "test-ingress"
    namespace = "default"

    annotations = {
      "alb.ingress.kubernetes.io/certificate-arn"      = ????
      ...etc...
    }
  }

I've tried: "alb.ingress.kubernetes.io/certificate-arn" = data.aws_acm_certificate.test.*.arn, which doesn't work, but I can't quite figure out how to pass the value from the get-certificate-arn.tf "data.aws_acm_certificate.test.arn" to the ingress.tf file.

The error I get is:

Error: Incorrect attribute value type
│
│   on ingress.tf line 6, in resource "kubernetes_ingress_v1" "test_ingress":
│    6:     annotations = {
│    9:       "alb.ingress.kubernetes.io/certificate-arn"      = data.aws_acm_certificate.test.*.arn
        [...truncated...]
│   16:     }
│     ├────────────────
│     │ data.aws_acm_certificate.test is object with 11 attributes
│
│ Inappropriate value for attribute "annotations": element "alb.ingress.kubernetes.io/certificate-arn": string required.

If anyone could advise how (IF?!) one can pass a variable to kubernetes_ingress_v1 'annotations' that would be amazing. I'm still learning Terraform and am still reviewing the fundamentals of passing variables around.


Solution

  • In the end, the solution was a typo in the data field; removing the "*" resolved the issue. For interest's sake, if you want to combine two certificates into an ingress annotation, you can join them as shown here:

    "alb.ingress.kubernetes.io/certificate-arn"      = format("%s,%s",data.aws_acm_certificate.test.arn,data.aws_acm_certificate.test2.arn)
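
The same fix generalized to any number of certificates, as an added example that is not part of the original question or answer: each domain gets its own lookup restricted to `ISSUED` certificates, and the ARNs are joined into the single string the annotation requires. The variable `cert_domains`, the local `certificate_arns`, the ingress class name `alb` and the Service name `test-service` are assumptions made for illustration.

```hcl
variable "cert_domains" {
  type    = set(string)
  default = ["test.example.com", "test2.example.com"] # constructed sample domains
}

# One lookup per domain. With for_each the data source is a map of objects,
# so each ARN is read per element and no "*" splat is involved.
data "aws_acm_certificate" "certs" {
  for_each    = var.cert_domains
  domain      = each.value
  statuses    = ["ISSUED"] # skip pending, expired or revoked certificates
  most_recent = true       # pick one when several certificates match the domain
}

locals {
  # Annotation values must be strings, so join the ARNs with commas.
  certificate_arns = join(",", [for c in data.aws_acm_certificate.certs : c.arn])
}

resource "kubernetes_ingress_v1" "test_ingress" {
  metadata {
    name      = "test-ingress"
    namespace = "default"
    annotations = {
      "alb.ingress.kubernetes.io/certificate-arn" = local.certificate_arns
    }
  }
  spec {
    ingress_class_name = "alb" # assumed IngressClass name
    rule {
      http {
        path {
          path      = "/"
          path_type = "Prefix"
          backend {
            service {
              name = "test-service" # hypothetical Service name
              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}
```

Because the lookup fails at plan time when a domain has no `ISSUED` certificate, a missing or expired certificate surfaces before the ingress is changed.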