fix: remove unsupported values from the cert-manager field

aks/locals.tf

@@ -44,14 +44,6 @@ locals {
           "azure.workload.identity/client-id" = azurerm_user_assigned_identity.cert_manager.client_id
         }
       }
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = true
-        }
-        acme = {
-          solvers = local.solvers
-        }
-      }
       replicaCount = 2
       resources = {
         limits = {
@@ -89,5 +81,15 @@ locals {
         }
       }
     }
+
+    # This structure will be merged with the one with the same name on the root locals.tf.
+    clusterIssuers = {
+      letsencrypt = {
+        enabled = true
+        acme = {
+          solvers = local.solvers
+        }
+      }
+    }
   }]
 }

charts/cert-manager/templates/cluster-issuer.yaml

@@ -2,13 +2,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: {{ $.Values.issuers.default.name | quote }}
+  name: {{ $.Values.clusterIssuers.default.name | quote }}
   annotations:
     argocd.argoproj.io/sync-wave: "5"
 spec:
   selfSigned: {}
 {{- if index $.Values "cert-manager" }}
-{{- if index $.Values "cert-manager" "tlsCrt" }}
+{{- if $.Values.clusterIssuers.ca.tlsCrt }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -20,10 +20,10 @@ spec:
   ca:
     secretName: ca-key-pair
 {{- end }}
-{{- if index $.Values "cert-manager" "clusterIssuers" }}
-{{- if index $.Values "cert-manager" "clusterIssuers" "letsencrypt" }}
-{{- if index $.Values "cert-manager" "clusterIssuers" "letsencrypt" "enabled" }}
-{{- range $name, $issuer := index $.Values "issuers" "letsencrypt" }}
+{{- if index $.Values.clusterIssuers }}
+{{- if index $.Values.clusterIssuers.letsencrypt }}
+{{- if index $.Values.clusterIssuers.letsencrypt.enabled }}
+{{- range $name, $issuer := index $.Values.clusterIssuers.letsencrypt.issuers }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -37,7 +37,7 @@ spec:
     server: {{ $issuer.server }}
     privateKeySecretRef:
       name: {{ $name }}
-    {{ index $.Values "cert-manager" "clusterIssuers" "acme" | toYaml | nindent 4 }}
+    {{ index $.Values.clusterIssuers.letsencrypt.acme | toYaml | nindent 4 }}
 {{- end }}
 {{- end }}
 {{- end }}

charts/cert-manager/templates/secret.yaml

@@ -1,10 +1,10 @@
-{{- if index $.Values "cert-manager" "tlsCrt" }}
+{{- if $.Values.clusterIssuers.ca.tlsCrt }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: ca-key-pair
   namespace: cert-manager
 data:
-  tls.crt: {{ index $.Values "cert-manager" "tlsCrt" }}
-  tls.key: {{ index $.Values "cert-manager" "tlsKey" }}
+  tls.crt: {{ $.Values.clusterIssuers.ca.tlsCrt }}
+  tls.key: {{ $.Values.clusterIssuers.ca.tlsKey }}
 {{- end }}

eks/locals.tf

@@ -38,10 +38,12 @@ locals {
           "eks.amazonaws.com/role-arn" = local.assumable_role_arn
         }
       }
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = true
-        }
+    }
+
+    # This structure will be merged with the one with the same name on the root locals.tf.
+    clusterIssuers = {
+      letsencrypt = {
+        enabled = true
         acme = {
           solvers = local.solvers
         }

locals.tf

@@ -54,15 +54,38 @@ locals {
         }
       }
     }
-    issuers = {
-      default = local.issuers.default
-      ca      = local.issuers.ca
-      letsencrypt = { for issuer_id, issuer in local.issuers.letsencrypt :
-        issuer.name => {
-          email  = issuer.email
-          server = issuer.server
+
+    # This structure is overloaded and merged with the values of the same structure coming from the caller modules.
+    clusterIssuers = {
+      default = {
+        name = local.issuers.default.name
+      }
+      ca = {
+        name = local.issuers.ca.name
+      }
+      letsencrypt = {
+        enabled = false
+        issuers = { for issuer_id, issuer in local.issuers.letsencrypt :
+          issuer.name => {
+            email  = issuer.email
+            server = issuer.server
+          }
+        }
+        acme = {
+          solvers = []
         }
       }
     }
+
+    # issuers = {
+    #   default = local.issuers.default
+    #   ca      = local.issuers.ca
+    #   letsencrypt = { for issuer_id, issuer in local.issuers.letsencrypt :
+    #     issuer.name => {
+    #       email  = issuer.email
+    #       server = issuer.server
+    #     }
+    #   }
+    # }
   }]
 }

outputs.tf

@@ -9,9 +9,9 @@ output "cluster_issuers" {
     default = local.issuers.default.name
     }, {
     for issuer_id, issuer in { ca = local.issuers.ca.name } : issuer_id => issuer
-    if can(var.helm_values[0].cert-manager.tlsCrt) && can(var.helm_values[0].cert-manager.tlsKey)
+    if can(var.helm_values[0].clusterIssuers.ca.tlsCrt) && can(var.helm_values[0].clusterIssuers.ca.tlsKey)
     }, {
     for issuer_id, issuer in local.issuers.letsencrypt : issuer_id => issuer.name
-    if var.helm_values[0].cert-manager.clusterIssuers.letsencrypt.enabled
+    if var.helm_values[0].clusterIssuers.letsencrypt.enabled
   })
 }

scaleway/locals.tf

@@ -1,18 +1,30 @@
 locals {
+  default_solvers = {
+    http01 = {
+      http01 = {
+        ingress = {}
+      }
+    }
+  }
+
+  use_default_solvers = {
+    http01 = var.use_default_http01_solver
+  }
+
+  solvers = concat(
+    [for each in ["http01"] : local.default_solvers[each] if local.use_default_solvers[each]],
+    var.custom_solver_configurations
+  )
+
   helm_values = [{
-    cert-manager = {
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = true
-        }
+    cert-manager = {}
+
+    # This structure will be merged with the one with the same name on the root locals.tf.
+    clusterIssuers = {
+      letsencrypt = {
+        enabled = true
         acme = {
-          solvers = [
-            {
-              http01 = {
-                ingress = {}
-              }
-            }
-          ]
+          solvers = local.solvers
         }
       }
     }

self-signed/locals.tf

@@ -1,12 +1,12 @@
 locals {
   helm_values = [{
-    cert-manager = {
-      tlsCrt = base64encode(tls_self_signed_cert.root.cert_pem)
-      tlsKey = base64encode(tls_private_key.root.private_key_pem)
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = false
-        }
+    cert-manager = {}
+
+    # This structure will be merged with the one with the same name on the root locals.tf.
+    clusterIssuers = {
+      ca = {
+        tlsCrt = base64encode(tls_self_signed_cert.root.cert_pem)
+        tlsKey = base64encode(tls_private_key.root.private_key_pem)
       }
     }
   }]

sks/locals.tf

@@ -17,11 +17,12 @@ locals {
   )
 
   helm_values = [{
-    cert-manager = {
-      clusterIssuers = {
-        letsencrypt = {
-          enabled = true
-        }
+    cert-manager = {}
+
+    # This structure will be merged with the one with the same name on the root locals.tf.
+    clusterIssuers = {
+      letsencrypt = {
+        enabled = true
         acme = {
           solvers = local.solvers
         }