Last pushed: a year ago
Short Description
Using Alpine Linux as a base image
Full Description

letsencrypt-kubernetes

A docker image suitable for requesting new certificates from letsencrypt,
and storing them in a secret on kubernetes.

Available on docker hub as ployst/letsencrypt

Purpose

To provide an application that owns requesting and storing certificates:

  • To serve ACME requests to letsencrypt (given that you direct them to this
    container).
  • To regularly (monthly) ask for new certificates.
  • To store those new certificates in a secret on kubernetes.

Useful commands

Generate a new set of certs

Once this container is running you can generate new certificates using:

kubectl exec -it <pod> -- bash -c 'EMAIL=fred@fred.com DOMAINS="example.com foo.example.com" ./fetch_certs.sh'

Save the set of certificates as a secret

kubectl exec -it <pod> -- bash -c 'DOMAINS="example.com foo.example.com" ./save_certs.sh'

Refresh the certificates

kubectl exec -it <pod> -- bash -c 'EMAIL=fred@fred.com DOMAINS="example.com foo.example.com" SECRET_NAME=foo DEPLOYMENTS=bar ./refresh_certs.sh'

Environment variables:

  • EMAIL - the email address to obtain certificates on behalf of.
  • DOMAINS - a space separated list of domains to obtain a certificate for.
  • LETSENCRYPT_ENDPOINT
  • DEPLOYMENTS - a space separated list of deployments whose pods should be
    refreshed after a certificate save
  • SECRET_NAME - the name to save the secrets under
  • NAMESPACE - the namespace under which the secrets should be available
  • CRON_FREQUENCY - the 5-part frequency of the cron job. Default is a random
    time in the range 0-59 0-23 1-27 * *
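
The CRON_FREQUENCY default described above, as an added example (not the image's own script): POSIX shell functions that pick a random schedule within 0-59 0-23 1-27 * * and refuse an override that is not a plain five-field spec before it reaches a crontab. The function names are hypothetical, and the strict character check (digits, space, * / , -) is an assumption of this example.

```shell
#!/bin/sh
# Added example: choose the cron schedule for the certificate refresh job.
# Function names are hypothetical; only CRON_FREQUENCY and the default
# ranges (0-59 0-23 1-27 * *) come from the README.

# rand_between LOW HIGH -> integer in [LOW, HIGH], drawn from /dev/urandom
rand_between() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( $1 + n % ($2 - $1 + 1) ))
}

# default_cron_frequency -> "<minute> <hour> <day-of-month> * *"
# Day stops at 27 so the job fires in every month, February included.
default_cron_frequency() {
    echo "$(rand_between 0 59) $(rand_between 0 23) $(rand_between 1 27) * *"
}

# is_five_part SPEC -> succeeds only for exactly five fields built from
# digits and * / , - (assumption: month/day names are deliberately refused,
# and so are newlines, which would add extra lines to a crontab).
is_five_part() {
    case "$1" in
        *[!0-9" "*/,-]*) return 1 ;;
    esac
    set -f          # no filename expansion while splitting the spec
    set -- $1
    set +f
    [ "$#" -eq 5 ]
}

# resolve_cron_frequency -> CRON_FREQUENCY if set and valid, else a random default
resolve_cron_frequency() {
    if [ -z "${CRON_FREQUENCY:-}" ]; then
        default_cron_frequency
    elif is_five_part "$CRON_FREQUENCY"; then
        echo "$CRON_FREQUENCY"
    else
        echo "invalid CRON_FREQUENCY: $CRON_FREQUENCY" >&2
        return 1
    fi
}
```
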

Development

docker-machine start
eval "$(docker-machine env default)"
docker build -t docker-letsencrypt .
docker run -p 8000:80 docker-letsencrypt
open http://192.168.99.100:8000
docker ps
docker kill <container-id>
docker images
docker tag 7d9495d03763 recapfyi/docker-letsencrypt:latest
docker push recapfyi/docker-letsencrypt

Cron job

http://stackoverflow.com/questions/37015624/how-to-run-a-cron-job-inside-a-docker-conatiner

The cron daemon is started automatically on system boot and executes the scripts placed in the folders under /etc/periodic: there is a 15min folder, plus folders for hourly, daily, weekly and monthly scripts.

Owner
recapfyi