## Objective

Allow a service to acquire a DNS name and a certificate for the DNS name.

## Potential flow

* A deployment (?) with annotations domain: xyz.example.com is created
* The DNS entry xyz.example.com pointing to the Service is created
* The certificate for xyz.example.com is requested/stored
* All pods get access to the certificate, serve https

## Certificate for a service [sketch]

* Have one pod listening on port 80 / doing certbot from time to time
* The cert is stored as a configmap (?) or other volume
* The application containers read the certificate
* ... and are restarted on ... ??
* Job+Cronjob could do the job
* Deletion of certificate?
* With the volume/configmap
* Port 80 of the IP: nginx with certbot webroot
* webroot shared with certbot container

## DNS

* Could try to reuse existing CoreDNS
  * Maybe even via https://coredns.io/plugins/kubernetes/

## Letsencrypt / Certificates for services [WIP]

* Maybe using cert-manager

```
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
```

## Container flow / certificate renewal

* Assume a shell script as init
* checking for the required certificate at /etc/letsencrypt/...
* starting nginx when available, caching the checksum (in a shell variable)
* Check the file once per hour, reload nginx if the checksum changed
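One way to write the init/renewal script sketched in the container flow above, as an added example rather than code from this note. It assumes certbot writes into /etc/letsencrypt/live/<domain>/, that nginx runs in the same container, and that `nginx -s reload` is the reload command; all of these are overridable through environment variables.

```shell
#!/bin/sh
# Added example for the container-flow sketch; not from the original note.
# Assumed: certbot writes into /etc/letsencrypt/live/<domain>/, nginx runs here.
set -eu

CERT_DIR="${CERT_DIR:-/etc/letsencrypt/live/xyz.example.com}"
CERT_FILE="${CERT_FILE:-$CERT_DIR/fullchain.pem}"
KEY_FILE="${KEY_FILE:-$CERT_DIR/privkey.pem}"
CHECK_INTERVAL="${CHECK_INTERVAL:-3600}"      # once per hour, as in the note
RELOAD_CMD="${RELOAD_CMD:-nginx -s reload}"   # overridable for testing

# Checksum over cert and key together, so a rotated key alone is also noticed.
cert_checksum() {
    cat "$1" "$2" | sha256sum | cut -d' ' -f1
}

# Block until both files exist and are non-empty (certbot may still be running).
wait_for_cert() {
    while [ ! -s "$1" ] || [ ! -s "$2" ]; do
        echo "waiting for $1 and $2" >&2
        sleep "${3:-10}"
    done
}

# Compare the current checksum with the cached one and reload nginx on change.
# Prints the current checksum so the caller can cache it; returns 0 when a
# reload was triggered and 1 when nothing changed.
reload_if_changed() {
    cached="$1"
    current="$(cert_checksum "$CERT_FILE" "$KEY_FILE")"
    printf '%s\n' "$current"
    [ "$current" != "$cached" ] || return 1
    echo "certificate changed, reloading nginx" >&2
    $RELOAD_CMD >&2
}

# Entry point: wait for the cert, start nginx, then poll for renewals.
watch_loop() {
    wait_for_cert "$CERT_FILE" "$KEY_FILE"
    checksum="$(cert_checksum "$CERT_FILE" "$KEY_FILE")"
    nginx -g 'daemon off;' &
    while sleep "$CHECK_INTERVAL"; do
        checksum="$(reload_if_changed "$checksum")" || true
    done
}

case "${1:-}" in
    run) watch_loop ;;   # container command: cert-watch.sh run
esac
```

Because nginx is reloaded rather than restarted, connections already open finish on the old certificate while new ones get the renewed one.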