This Schematics-ready Terraform workspace deploys cert-manager onto an existing IBM Cloud ROKS (OpenShift) cluster. It does not create cluster infrastructure — provide the name or ID of a running ROKS cluster and the workspace installs cert-manager in the correct dependency order.
| Variable | Description | Required | Example |
|---|---|---|---|
ibmcloud_api_key |
API Key used to authorize all deployment resources | REQUIRED | 0q7N3CzUn6oKxEsr7fLc1mxkukBeAEcsjNRQOg1kdDSY (note: not a real API key) |
ibmcloud_cluster_region |
IBM Cloud region where the target cluster resides | REQUIRED with default defined | ca-tor (default) |
ibmcloud_resource_group |
IBM Cloud resource group name (leave empty to use account default) | Optional | default |
This workspace deploys cert-manager onto an existing cluster. Cluster information is discovered automatically from the cluster data source.
| Variable | Description | Required | Example |
|---|---|---|---|
roks_cluster_name_or_id |
Name or ID of the existing OpenShift ROKS cluster | REQUIRED | my-openshift-cluster |
Get your existing cluster name or ID:
ibmcloud ks clusters --provider vpc-gen2| Variable | Description | Required | Example |
|---|---|---|---|
cert_manager_namespace |
Kubernetes namespace for cert-manager | Optional | cert-manager (default) |
cert_manager_version |
Helm chart version | Optional | v1.17.3 (default) |
ibmcloud_schematics_bigip_next_for_kubernetes_2_3_cert_manager/
├── main.tf # Root module configuration
├── variables.tf # Root module variables
├── outputs.tf # Root module outputs
├── providers.tf # Provider configuration
├── data.tf # Data sources (resource group, cluster)
├── terraform.tfvars.example # Example variable values
├── modules/
│ └── cert-manager/ # Cert-manager module
│ ├── main.tf # Cert-manager helm release and namespace
│ ├── variables.tf # Cert-manager variables
│ └── outputs.tf # Cert-manager outputs
┌──────────────────────────────────┐
│ DATA SOURCES │
│ (Existing IBM Cloud Resources) │
│ │
│ - Existing ROKS Cluster │
└─────────────┬────────────────────┘
│ (provides kubeconfig)
▼
┌──────────────────────────────────┐
│ 1. CERT-MANAGER │
│ (Certificate Management CRDs) │
│ │
│ - Namespace │
│ - Helm Release │
│ - CRD Registration │
└──────────────────────────────────┘
- An existing IBM Cloud ROKS (OpenShift) cluster
- Copy
terraform.tfvars.exampletoterraform.tfvarsand fill in your values - Run
terraform initto initialize all modules
Get your cluster name or ID:
ibmcloud ks clusters --provider vpc-gen2terraform plan
terraform apply -auto-approveterraform destroy -auto-approveenabled: Enable/disable cert-manager deployment (hardcodedtrueat root)namespace: Kubernetes namespace for cert-manager (default:cert-manager)chart_version: Helm chart version (default:v1.17.3)chart_repository: Helm repository URL (default:https://charts.jetstack.io)wait_for_deployment: Wait for deployment to be ready (default:true)post_deployment_delay: Time to wait after deployment for CRD registration (default:30s)
# IBM Cloud Credentials
ibmcloud_api_key = "YOUR_API_KEY"
ibmcloud_cluster_region = "ca-tor"
ibmcloud_resource_group = ""
# Target Cluster (required)
roks_cluster_name_or_id = "my-openshift-cluster"
# Namespace Configuration
cert_manager_namespace = "cert-manager"
cert_manager_version = "v1.17.3"View all outputs:
terraform output # All outputs
terraform output cert_manager_namespace # Specific output| Output | Description |
|---|---|
cert_manager_namespace |
Namespace where cert-manager is deployed |
cert_manager_version |
Installed cert-manager Helm chart version |
terraform planView module-specific changes:
terraform plan -target=module.cert_managerList resources by module:
terraform state list module.cert_managerValidate configuration:
terraform validate
terraform state list