2021-06-19 14:41:43 +00:00
|
|
|
## ungleich-certbot
|
|
|
|
|
|
|
|
|
|
This container is made for getting **real world** certificates
|
|
|
|
|
for your kubernetes cluster.
|
|
|
|
|
|
|
|
|
|
The assumption is that you can point the DNS name to the container
|
|
|
|
|
from outside. This is by default given for **IPv6 only kubernetes
|
|
|
|
|
services**.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
|
|
* Set the environment variable DOMAIN to specify the domain for which
|
|
|
|
|
to get a certificate
|
|
|
|
|
* Set the environment variable EMAIL (this is where letsencrypt sends
|
|
|
|
|
warnings to)
|
|
|
|
|
* Set the environment variable STAGING to "no" if you want to have
|
|
|
|
|
proper certificates - this is to prevent you from asking the real
|
|
|
|
|
letsencrypt service accidently by default
|
2021-06-20 12:42:19 +00:00
|
|
|
* By default the container allows world read access to the
|
|
|
|
|
certificates, so that non-root users can access the certificates.
|
|
|
|
|
Set the LEAVE_PERMISSIONS_AS_IS environment variable to instruct the
|
|
|
|
|
container not to change permissions
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
docker run -e DOMAIN=example.com \
|
|
|
|
|
-e EMAIL=root@example.com \
|
|
|
|
|
ungleich/ungleich-certbot
|
|
|
|
|
```
|
2021-06-19 14:41:43 +00:00
|
|
|
|
|
|
|
|
## Volumes
|
|
|
|
|
|
|
|
|
|
If you want to keep / use your certificates, you are advised to create
|
|
|
|
|
a volume below /etc/letsencrypt.
|
|
|
|
|
|
|
|
|
|
## Kubernetes
|
|
|
|
|
|
|
|
|
|
Sample kubernetes usage: (TBD)
|
