badouralix/rancher-auto-certs-v2
Rancher operator managing certificates
https://github.com/jonremy/rancher-auto-certs with wildcard support
Environment Variable Name | Description |
---|---|
OVH_APPLICATION_KEY | Application key |
OVH_APPLICATION_SECRET | Application secret |
OVH_CONSUMER_KEY | Consumer key |
OVH_ENDPOINT | Endpoint URL (ovh-eu or ovh-ca) |
Create keys in https://eu.api.ovh.com/createToken/
Field | Value |
---|---|
Script name | rancher-auto-certs-v2 |
Script description | Resolve ACME DNS-01 challenge |
Validity | Unlimited |
Rights | POST /domain/zone/[FQDN]/record |
Rights | POST /domain/zone/[FQDN]/refresh |
Rights | DELETE /domain/zone/[FQDN]/record/* |
More documentation at https://github.com/ovh/go-ovh#use-the-api-for-a-single-user
Warning: https://community.ovh.com/t/createtoken-invalid-account-password/12454/2
These settings are meant to be passed as environment variables. However, if a provider must be instantiated multiple times (for instance, for domains registered on different accounts), they can be defined in the config file instead. See example.
ACME tokens will be written in `/media/acme-challenge/.well-known/acme-challenge/`.
Environment Variable Name | Description |
---|---|
CATTLE_URL | The URL that is in the host registration |
CATTLE_ACCESS_KEY | An access key for the environment that the service is being launched in |
CATTLE_SECRET_KEY | A secret key for the access key |
These environment variables are automatically provisioned for service accounts. Add the following labels to the Rancher service:
Key | Value | Description |
---|---|---|
io.rancher.container.create_agent | true | Used to indicate that the service account API keys will be passed as environment variables on each container |
io.rancher.container.agent.role | environment | Used to indicate what kind of role the account will be. The value to use for creating service accounts will be environment |
More documentation on https://rancher.com/docs/rancher/v1.6/en/rancher-services/service-accounts/
Configuration is stored in `config/config.yml`. See example.
It populates a `globalConfig` struct defined by the following:

```go
type certConfig struct {
	AccountEmail       string            `yaml:"account_email"`
	AccountKey         string            `yaml:"account_key"`
	CA                 string
	Challenge          string
	CreateKeyIfMissing *bool             `yaml:"create_key_if_missing"` // boolean pointer here to differentiate empty value from zero value
	Description        string
	Domains            []string
	DumpPath           string            `yaml:"dump_path,omitempty"`
	Env                map[string]string `json:",omitempty" yaml:",omitempty"`
	KeyType            string            `yaml:"key_type"`
	Name               string
	Provider           string            `json:",omitempty" yaml:",omitempty"`
}

type defaultConfig struct {
	AccountEmail       string `yaml:"account_email"`
	AccountKey         string `yaml:"account_key"`
	CA                 string
	Challenge          string
	CreateKeyIfMissing bool   `yaml:"create_key_if_missing"`
	Description        string
	DumpPath           string `yaml:"dump_path,omitempty"`
	KeyType            string `yaml:"key_type"`
	Provider           string `json:",omitempty" yaml:",omitempty"`
}

type globalConfig struct {
	Default defaultConfig
	Certs   []certConfig
}
```
Each missing key in `certConfig` is then populated by values from `defaultConfig`.
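The following is an added example, not the project's own code. It sketches the fallback described above and shows why `CreateKeyIfMissing` is a `*bool` in `certConfig`: an explicit `false` on one certificate must survive a default of `true`, so an account key is never generated where the operator disabled it. The structs are trimmed copies, and `applyDefaults`, `orDefault` and all sample values are assumptions.

```go
package main

import "fmt"

// Trimmed copies of the page's structs: only the fields needed to show the merge.
type certConfig struct {
	Name               string
	CA                 string
	Challenge          string
	KeyType            string
	CreateKeyIfMissing *bool // nil means "not set in config.yml"
}

type defaultConfig struct {
	CA                 string
	Challenge          string
	KeyType            string
	CreateKeyIfMissing bool
}

// orDefault (hypothetical helper) returns v unless it is empty, else d.
func orDefault(v, d string) string {
	if v == "" {
		return d
	}
	return v
}

// applyDefaults (hypothetical name) fills every unset field of c from d.
func applyDefaults(c certConfig, d defaultConfig) certConfig {
	c.CA = orDefault(c.CA, d.CA)
	c.Challenge = orDefault(c.Challenge, d.Challenge)
	c.KeyType = orDefault(c.KeyType, d.KeyType)
	if c.CreateKeyIfMissing == nil { // unset: inherit; an explicit false is kept
		v := d.CreateKeyIfMissing
		c.CreateKeyIfMissing = &v
	}
	return c
}

func main() {
	no := false
	d := defaultConfig{CA: "ca-placeholder", Challenge: "dns-01", KeyType: "rsa4096", CreateKeyIfMissing: true}
	// Constructed sample entries, not taken from the project's example file.
	pinned := applyDefaults(certConfig{Name: "pinned", CreateKeyIfMissing: &no}, d)
	plain := applyDefaults(certConfig{Name: "plain", Challenge: "http-01"}, d)
	fmt.Println(pinned.Name, *pinned.CreateKeyIfMissing, pinned.Challenge) // pinned false dns-01
	fmt.Println(plain.Name, *plain.CreateKeyIfMissing, plain.Challenge)    // plain true http-01
}
```

With a plain `bool` in `certConfig`, the `pinned` entry would be indistinguishable from an unset one and would inherit `true` from the defaults.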
docker pull badouralix/rancher-auto-certs-v2