
++certs

master
Nico Schottelius 2 years ago
parent
commit
5867cc8baf
  1. 13
      certificates-dns.md
  2. 32
      certificates/cert-for-service.yaml

13
certificates-dns.md

@ -10,10 +10,23 @@ name.
* The certifcatce for xyz.example.com is requested/stored
* All pods get access to the certificate, serve https
## Certificate for a service [sketch]
* Have one pod listening on port 80 / doing certbot from time to time
* The cert is stored as a configmap (?) or other volume
* The application containers read the certificate
* ... and are restarted on ... ??
* Job+Cronjob could do the job
* Deletion of certificate?
* With the volume/configmap
* Port 80 of the IP nginx with certbot webroot
* webroot shared with certbot container
## DNS
* Could try to reuse existing CoreDNS
** Maybe even via https://coredns.io/plugins/kubernetes/
## Letsencrypt / Certificates for services [WIP]
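Review bot: The "Certificate for a service" sketch stores the cert "as a configmap (?) or other volume", but whatever certbot writes includes the private key, and a ConfigMap is not meant for confidential data. I would name a Secret of type `kubernetes.io/tls` here, mounted read-only into the application containers, so access to the key can be restricted separately from ordinary configuration. The open items "are restarted on ... ??" and "Deletion of certificate?" also deserve at least a stated intent, since a renewed certificate that is never reloaded will still expire in the running pods. Minor: "certifcatce" is a typo, and the `**` nested bullet under DNS is not Markdown list syntax; an indented `*` would render as intended.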

32
certificates/cert-for-service.yaml

@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginxssl
spec:
selector:
matchLabels:
app: nginxssl
replicas: 1
template:
metadata:
labels:
app: nginxssl
spec:
containers:
- name: nginx
image: nginx:1.20.0-alpine
ports:
- containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: etherpad
labels:
app: etherpadsooooolite
spec:
type: ClusterIP
ports:
- port: 80
selector:
app: etherpadsooooolite
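Review bot: The Service at the end of this file does not match the Deployment above it: it is named `etherpad`, selects `app: etherpadsooooolite` and exposes `port: 80`, while the pods are labelled `app: nginxssl` and declare `containerPort: 443`. As written the Service selects none of the pods this file creates, so nothing is reachable over TLS through it. If it is meant to front the nginx pod, use `app: nginxssl` for the selector and label and `port: 443`; if it is a leftover from an etherpad manifest, it should be dropped from this file. The Deployment also declares port 443 without any volume or mount for a certificate and key, so it would help to add the mount or a comment saying it is still to come.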