33 lines
767 B
Markdown
33 lines
767 B
Markdown
## nginx service for getting letsencrypt certificates
|
|
|
|
Get real letsencrypt certificates in IPv6 based clusters.
|
|
|
|
### Architecture
|
|
|
|
* nginx/port 80 serves only the root for letsencrypt
|
|
* nginx/port 443 crashes until the cert is there
|
|
* A job (certbot) gets the cert
|
|
|
|
## Missing bits
|
|
|
|
* cronjob for renewal
|
|
* Automatic restart of nginx
|
|
* Fixing the service <-> pod mapping problem (goes to both http/https
|
|
pods)
|
|
|
|
## Brain storming
|
|
|
|
### certbot --standalone / init container
|
|
|
|
* Could in theory be used as an init container
|
|
* nginx / port 80+443 could take over afterwards
|
|
|
|
Conclusion: does not work, as initcontainers are not targetted by
|
|
services
|
|
|
|
|
|
### certbot --standalone / job
|
|
|
|
Similar pattern as before -> works, because ports of jobs are caught
|
|
by the service!
|