ungleich-k8s/apps/nginx-certbot
2021-06-18 23:42:15 +02:00

nginx service for getting Let's Encrypt certificates

Get real Let's Encrypt certificates in IPv6-based clusters.

Architecture

  • nginx on port 80 serves only the root for Let's Encrypt
  • nginx on port 443 crashes until the cert is there
  • A job (certbot) gets the cert

Missing bits

  • cronjob for renewal
  • Automatic restart of nginx
  • Fixing the service <-> pod mapping problem (traffic goes to both the http and https pods)

Brainstorming

certbot --standalone / init container

  • Could in theory be used as an init container
  • nginx / port 80+443 could take over afterwards

Conclusion: does not work, as init containers are not targeted by services.

certbot --standalone / job

Similar pattern as before -> works, because the ports of job pods are caught by the service!
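
A minimal Service and Job pair illustrating the job pattern above, as an added example and not the manifests from this repository. All names, labels, the domain, the e-mail address and the PVC are assumptions; giving the Job its own label keeps port 80 traffic away from the nginx pods.

```yaml
# Added example: names, labels, domain and PVC are assumptions, not the repo's manifests.
apiVersion: v1
kind: Service
metadata:
  name: certbot-http                 # hypothetical name
spec:
  ipFamilyPolicy: SingleStack
  ipFamilies: [IPv6]                 # IPv6-only cluster, as the README targets
  selector:
    app: certbot-standalone          # matches only the Job's pods, not nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: batch/v1
kind: Job
metadata:
  name: certbot-standalone           # hypothetical name
spec:
  backoffLimit: 2
  template:
    metadata:
      labels:
        app: certbot-standalone      # the label the Service selects on
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          image: certbot/certbot
          args:
            - certonly
            - --standalone           # certbot answers the HTTP-01 challenge itself
            - --non-interactive
            - --agree-tos
            - --email
            - admin@example.com      # placeholder
            - -d
            - www.example.com        # placeholder
          ports:
            - containerPort: 80
          volumeMounts:
            - name: letsencrypt
              mountPath: /etc/letsencrypt
      volumes:
        - name: letsencrypt
          persistentVolumeClaim:
            claimName: letsencrypt-certs   # hypothetical PVC shared with nginx
```

While the Job is running, `kubectl get endpoints certbot-http` should list the Job pod's address; an empty list means the selector and the pod labels do not match.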