.. | ||
base | ||
overlays/ungleich | ||
README.md |
nginx service for getting letsencrypt certificates
Get real letsencrypt certificates in IPv6 based clusters.
Architecture
- nginx/port 80 serves only the root for letsencrypt
- nginx/port 443 crashes until the cert is there
- A job (certbot) gets the cert
Missing bits
- cronjob for renewal
- Automatic restart of nginx
- Fixing the service <-> pod mapping problem (goes to both http/https pods)
Brain storming
certbot --standalone / init container
- Could in theory be used as an init container
- nginx / port 80+443 could take over afterwards
Conclusion: does not work, as initcontainers are not targetted by services
certbot --standalone / job
Similar pattern as before -> works, because ports of jobs are caught by the service!