Public ungleich kubernetes repository
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

1.1 KiB

Objective

Allow a service to acquire a DNS name and a certificate for the DNS name.

Potential flow

  • A deployment (?) with annotations domain: xyz.example.com is created
  • The DNS entry xyz.example.com pointing to the Service is created
  • The certifcatce for xyz.example.com is requested/stored
  • All pods get access to the certificate, serve https

Certificate for a service [sketch]

  • Have one pod listening on port 80 / doing certbot from time to time
    • The cert is stored as a configmap (?) or other volume
  • The application containers read the certificate
    • ... and are restarted on ... ??
  • Job+Cronjob could do the job
  • Deletion of certificate?
    • With the volume/configmap
  • Port 80 of the IP nginx with certbot webroot
    • webroot shared with certbot container

DNS

Letsencrypt / Certificates for services [WIP]

  • Maybe using certmanager
kubectl apply -f
https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml