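# e2e/terraform/provision-nomad/tls.tf
#
# Issues a per-instance TLS key pair for a Nomad agent, signs it with the
# CA passed in by the caller, and writes the key and certificate to the
# local keys/ directory.

# Per-instance ECDSA P-384 private key.
# The tls provider keeps the generated key in Terraform state in plain text,
# so the state for this module must be handled as secret material.
resource "tls_private_key" "nomad" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

# CSR for the instance. The SANs cover both instance addresses and loopback,
# plus the "<role>.global.nomad" name.
# NOTE(review): presumably var.role is "server" or "client" and "global" is
# the cluster region, matching the name Nomad checks when hostname
# verification is enabled; confirm against the caller.
resource "tls_cert_request" "nomad" {
  private_key_pem = tls_private_key.nomad.private_key_pem
  ip_addresses    = [var.instance.public_ip, var.instance.private_ip, "127.0.0.1"]
  dns_names       = ["${var.role}.global.nomad"]

  subject {
    common_name = "${var.role}.global.nomad"
  }
}

# Certificate signed with the caller-supplied CA.
# NOTE(review): var.tls_ca_key is the CA private key; its variable
# declaration is outside this file and should be marked sensitive. Confirm.
resource "tls_locally_signed_cert" "nomad" {
  cert_request_pem   = tls_cert_request.nomad.cert_request_pem
  ca_private_key_pem = var.tls_ca_key
  ca_cert_pem        = var.tls_ca_cert

  # 720 hours = 30 days.
  validity_period_hours = 720

  # The same certificate is issued for both TLS server and TLS client
  # authentication (mutual TLS), hence client_auth next to server_auth.
  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "client_auth",
    "server_auth",
  ]
}

# Private key on local disk, named after the instance's public IP.
# Pinned to owner read/write only; the local_sensitive_file default of 0700
# would also set the execute bit, which a key file does not need.
resource "local_sensitive_file" "nomad_client_key" {
  content         = tls_private_key.nomad.private_key_pem
  filename        = "keys/agent-${var.instance.public_ip}.key"
  file_permission = "0600"
}

# Signed certificate on local disk, alongside the key.
resource "local_sensitive_file" "nomad_client_cert" {
  content  = tls_locally_signed_cert.nomad.cert_pem
  filename = "keys/agent-${var.instance.public_ip}.crt"
}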