From 5867cc8bafed389e52123dbf5a88ea194c91e3f4 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Thu, 10 Jun 2021 00:02:16 +0200
Subject: [PATCH] ++certs
---
 certificates-dns.md | 13 ++++++++++++
 certificates/cert-for-service.yaml | 32 ++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 certificates/cert-for-service.yaml
diff --git a/certificates-dns.md b/certificates-dns.md
index 0554eda..c584bec 100644
--- a/certificates-dns.md
+++ b/certificates-dns.md
@@ -10,10 +10,23 @@ name.
 * The certifcatce for xyz.example.com is requested/stored
 * All pods get access to the certificate, serve https
+## Certificate for a service [sketch]
+
+* Have one pod listening on port 80 / doing certbot from time to time
+ * The cert is stored as a configmap (?) or other volume
+* The application containers read the certificate
+ * ... and are restarted on ... ??
+* Job+Cronjob could do the job
+* Deletion of certificate?
+ * With the volume/configmap
+* Port 80 of the IP nginx with certbot webroot
+ * webroot shared with certbot container
+
 ## DNS
 * Could try to reuse existing CoreDNS
+ ** Maybe even via https://coredns.io/plugins/kubernetes/
 ## Letsencrypt / Certificates for services [WIP]
diff --git a/certificates/cert-for-service.yaml b/certificates/cert-for-service.yaml
new file mode 100644
index 0000000..82cd179
--- /dev/null
+++ b/certificates/cert-for-service.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginxssl
+spec:
+ selector:
+ matchLabels:
+ app: nginxssl
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nginxssl
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.20.0-alpine
+ ports:
+ - containerPort: 443
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: etherpad
+ labels:
+ app: etherpadsooooolite
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ selector:
+ app: etherpadsooooolite
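Review bot: The Service at the end of cert-for-service.yaml selects `app: etherpadsooooolite`, while the only pods defined in this file carry `app: nginxssl`, so unless pods with the etherpad label exist elsewhere it has no endpoints; it also exposes `port: 80` although the container declares 443. If it is meant to front this Deployment, the selector should be `app: nginxssl` and the port `port: 443` (or keep 80 and add `targetPort: 443`). The nginx container has no volume for a certificate and key yet, and the stock image does not serve TLS on 443 without extra configuration, so the `containerPort: 443` entry is only declarative at this point. When the mount is added, the private key belongs in a `kubernetes.io/tls` Secret rather than the ConfigMap floated in certificates-dns.md, because ConfigMaps are usually readable by far more subjects than Secrets and are not treated as sensitive by tooling.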