ungleich-k8s/apps/nginx-certbot
2021-06-19 17:49:07 +02:00
..
base configmapref -> name needs to be indented 2021-06-19 17:49:07 +02:00
overlays/ungleich ++in between2 2021-06-19 17:21:53 +02:00
README.md [nginx/certbot] finish! 2021-06-18 23:42:15 +02:00

nginx service for getting letsencrypt certificates

Get real letsencrypt certificates in IPv6 based clusters.

Architecture

  • nginx/port 80 serves only the root for letsencrypt
  • nginx/port 443 crashes until the cert is there
  • A job (certbot) gets the cert

Missing bits

  • cronjob for renewal
  • Automatic restart of nginx
  • Fixing the service <-> pod mapping problem (goes to both http/https pods)

Brain storming

certbot --standalone / init container

  • Could in theory be used as an init container
  • nginx / port 80+443 could take over afterwards

Conclusion: does not work, as initcontainers are not targetted by services

certbot --standalone / job

Similar pattern as before -> works, because ports of jobs are caught by the service!