ungleich-k8s/apps/nginx-certbot/README.md

## nginx service for getting letsencrypt certificates

Get real letsencrypt certificates in IPv6 based clusters.

### Architecture

* nginx/port 80 serves only the root for letsencrypt
* nginx/port 443 crashes until the cert is there
* A job (certbot) gets the cert

## Missing bits

* cronjob for renewal
* Automatic restart of nginx
* Fixing the service <-> pod mapping problem (goes to both http/https
  pods)

## Brain storming

### certbot --standalone / init container

* Could in theory be used as an init container
* nginx / port 80+443 could take over afterwards

Conclusion: does not work, as initcontainers are not targetted by
services


### certbot --standalone / job

Similar pattern as before -> works, because ports of jobs are caught
by the service!
[nginx/app/tls] ++update 2021-06-18 19:08:53 +00:00			`## nginx service for getting letsencrypt certificates`

++readme 2021-06-18 20:32:13 +00:00			`Get real letsencrypt certificates in IPv6 based clusters.`

[nginx/app/tls] ++update 2021-06-18 19:08:53 +00:00			`### Architecture`

			`* nginx/port 80 serves only the root for letsencrypt`
++readme 2021-06-18 20:32:13 +00:00			`* nginx/port 443 crashes until the cert is there`
			`* A job (certbot) gets the cert`

			`## Missing bits`

			`* cronjob for renewal`
[nginx/certbot] finish! 2021-06-18 21:42:15 +00:00			`* Automatic restart of nginx`
			`* Fixing the service <-> pod mapping problem (goes to both http/https`
			`pods)`

			`## Brain storming`

			`### certbot --standalone / init container`

			`* Could in theory be used as an init container`
			`* nginx / port 80+443 could take over afterwards`

			`Conclusion: does not work, as initcontainers are not targetted by`
			`services`


			`### certbot --standalone / job`

			`Similar pattern as before -> works, because ports of jobs are caught`
			`by the service!`