Refactor terraform files to include Cloudflare API Token

adamlahbib · Nov 17, 2024 · 02c89b9 · 02c89b9
1 parent 5c28d67
commit 02c89b9
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 5 deletions.
diff --git a/.github/actions/terraform-apply/action.yaml b/.github/actions/terraform-apply/action.yaml
@@ -32,6 +32,9 @@ inputs:
   CLOUDFLARE_EMAIL:
     description: 'Cloudflare Email'
     required: true
+  CLOUDFLARE_API_TOKEN:
+    description: 'Cloudflare API Token'
+    required: true
 
 runs:
   using: 'composite'
@@ -49,6 +52,7 @@ runs:
         TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
         TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
         TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+        TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
       uses: dflook/terraform-apply@v1
       with:
         path: ./terraform

diff --git a/.github/actions/terraform-destroy/action.yaml b/.github/actions/terraform-destroy/action.yaml
@@ -32,6 +32,9 @@ inputs:
   CLOUDFLARE_EMAIL:
     description: 'Cloudflare Email'
     required: true
+  CLOUDFLARE_API_TOKEN:
+    description: 'Cloudflare API Token'
+    required: true
 
 runs:
   using: 'composite'
@@ -49,6 +52,7 @@ runs:
         TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
         TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
         TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+        TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
       uses: dflook/terraform-destroy@v1
       with:
         path: ./terraform

diff --git a/.github/actions/terraform-plan/action.yaml b/.github/actions/terraform-plan/action.yaml
@@ -35,6 +35,9 @@ inputs:
   CLOUDFLARE_EMAIL:
     description: 'Cloudflare Email'
     required: true
+  CLOUDFLARE_API_TOKEN:
+    description: 'Cloudflare API Token'
+    required: true
 
 runs:
   using: 'composite'
@@ -56,6 +59,7 @@ runs:
         TF_VAR_CLOUDFLARE_ZONE_ID: ${{ inputs.CLOUDFLARE_ZONE_ID }}
         TF_VAR_CLOUDFLARE_TOKEN: ${{ inputs.CLOUDFLARE_TOKEN }}
         TF_VAR_CLOUDFLARE_EMAIL: ${{ inputs.CLOUDFLARE_EMAIL }}
+        TF_VAR_CLOUDFLARE_API_TOKEN: ${{ inputs.CLOUDFLARE_API_TOKEN }}
       uses: dflook/terraform-plan@v1
       with:
         path: ./terraform

diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
@@ -13,6 +13,7 @@ env:
   CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
   CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
   CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 
 jobs:
   terraform-destroy:
@@ -48,3 +49,4 @@ jobs:
           CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
           CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
           CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+          CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
@@ -21,6 +21,7 @@ env:
   CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
   CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
   CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 
 jobs: 
   terraform-plan:
@@ -56,4 +57,5 @@ jobs:
           GRAFANA_ADMIN_PASSWORD: ${{ env.GRAFANA_ADMIN_PASSWORD }}
           CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
           CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
-          CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+          CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+          CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
diff --git a/.github/workflows/sync-and-deploy.yaml b/.github/workflows/sync-and-deploy.yaml
@@ -18,6 +18,7 @@ env:
   CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
   CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
   CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 
 jobs: 
   terraform-apply:
@@ -55,6 +56,7 @@ jobs:
           CLOUDFLARE_ZONE_ID: ${{ env.CLOUDFLARE_ZONE_ID }}
           CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
           CLOUDFLARE_EMAIL: ${{ env.CLOUDFLARE_EMAIL }}
+          CLOUDFLARE_API_TOKEN: ${{ env.CLOUDFLARE_API_TOKEN }}
 
       - name: Prepare Slack Notification
         if: always()

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -2,6 +2,7 @@ variable "GRAFANA_ADMIN_PASSWORD" { type= string }
 variable "CLOUDFLARE_ZONE_ID" { type= string }
 variable "CLOUDFLARE_TOKEN" { type= string }
 variable "CLOUDFLARE_EMAIL" { type= string }
+variable "CLOUDFLARE_API_TOKEN" { type= string }
 
 terraform {
     backend "s3" {}

diff --git a/terraform/tls.tf b/terraform/tls.tf
@@ -18,7 +18,7 @@ resource "kubernetes_secret" "cloudflare_api_token" {
         namespace = "cert-manager"
     }
     data = {
-        api-token = base64encode(var.CLOUDFLARE_TOKEN)
+        api-token = base64encode(var.CLOUDFLARE_API_TOKEN)
     }
 }
 
@@ -27,14 +27,14 @@ resource "kubectl_manifest" "cluster_issuer" {
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
-  namespace: cert-manager
+    name: letsencrypt-prod
+    namespace: cert-manager
 spec:
     acme:
         email: ${var.CLOUDFLARE_EMAIL}
         server: https://acme-v02.api.letsencrypt.org/directory
         privateKeySecretRef:
-        name: letsencrypt-prod-key
+            name: letsencrypt-prod
         solvers:
         - dns01:
             cloudflare: