Add explicit "create_ca" bool (#1)

TakeScoop · Aug 24, 2018 · 2bdabbc · 2bdabbc
1 parent 55a9f82
commit 2bdabbc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/tls-k8s.tf b/tls-k8s.tf
@@ -13,14 +13,14 @@
 
 # Kubernetes CA (tls/{ca.crt,ca.key})
 resource "tls_private_key" "kube-ca" {
-  count = "${var.ca_certificate == "" ? 1 : 0}"
+  count = "${var.create_ca == 1 ? 1 : 0}"
 
   algorithm = "RSA"
   rsa_bits  = "2048"
 }
 
 resource "tls_self_signed_cert" "kube-ca" {
-  count = "${var.ca_certificate == "" ? 1 : 0}"
+  count = "${var.create_ca == 1 ? 1 : 0}"
 
   key_algorithm   = "${tls_private_key.kube-ca.algorithm}"
   private_key_pem = "${tls_private_key.kube-ca.private_key_pem}"

diff --git a/variables.tf b/variables.tf
@@ -81,6 +81,11 @@ variable "trusted_certs_dir" {
   default     = "/usr/share/ca-certificates"
 }
 
+variable "create_ca" {
+  description = "Toggles creation of a CA (omit ca_certificate when true)"
+  default     = true
+}
+
 variable "ca_certificate" {
   description = "Existing PEM-encoded CA certificate (generated if blank)"
   type        = "string"