From 43ccff7b275a703f96ada3414b9ef550235d2f63 Mon Sep 17 00:00:00 2001 From: William Dvorak Date: Mon, 25 Dec 2017 20:36:34 -0500 Subject: [PATCH 1/4] Start server from HOME dir, sleep to prevent rate limiting on prod API --- kube-nginx-letsencrypt/entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kube-nginx-letsencrypt/entrypoint.sh b/kube-nginx-letsencrypt/entrypoint.sh index f7286b9..c3f2c1a 100755 --- a/kube-nginx-letsencrypt/entrypoint.sh +++ b/kube-nginx-letsencrypt/entrypoint.sh @@ -15,6 +15,7 @@ NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) echo "Current Kubernetes namespce: $NAMESPACE" echo "Starting HTTP server..." +cd $HOME python -m SimpleHTTPServer 80 & PID=$! echo "Starting certbot..." @@ -24,7 +25,7 @@ echo "Certbot finished. Killing http server..." echo "Finiding certs. Exiting if certs are not found ..." CERTPATH=/etc/letsencrypt/live/$(echo $DOMAINS | cut -f1 -d',') -ls $CERTPATH || exit 1 +ls $CERTPATH || (sleep 10m; exit 1) echo "Creating update for secret..." cat /secret-patch-template.json | \ From 546e15df8bd9f4788a958a485724460260a9877e Mon Sep 17 00:00:00 2001 From: William Dvorak Date: Tue, 26 Dec 2017 22:18:20 -0500 Subject: [PATCH 2/4] with debug --- kube-nginx-letsencrypt/Dockerfile | 1 - kube-nginx-letsencrypt/entrypoint.sh | 13 +++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/kube-nginx-letsencrypt/Dockerfile b/kube-nginx-letsencrypt/Dockerfile index 5bebfa7..72dab4d 100644 --- a/kube-nginx-letsencrypt/Dockerfile +++ b/kube-nginx-letsencrypt/Dockerfile @@ -5,7 +5,6 @@ RUN dnf install certbot -y && dnf clean all RUN mkdir /etc/letsencrypt COPY secret-patch-template.json / -COPY deployment-patch-template.json / COPY entrypoint.sh / CMD ["/entrypoint.sh"] diff --git a/kube-nginx-letsencrypt/entrypoint.sh b/kube-nginx-letsencrypt/entrypoint.sh index c3f2c1a..71ffee9 100755 --- a/kube-nginx-letsencrypt/entrypoint.sh 
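Review bot: The added `cd $HOME` in PATCH 1/4 (hunk `@@ -15,6 +15,7 @@` of entrypoint.sh) is unquoted and its result is never checked, so if the directory change fails, the `python -m SimpleHTTPServer 80 &` on the next line serves whatever the current directory happens to be. No `set -e` is visible here (the first 14 lines of the script are outside the hunk). If the container starts in `/`, that would publish the whole filesystem on port 80, including the service-account directory that the `NAMESPACE=` line just above reads from. I would write `cd "$HOME" || exit 1`, and preferably serve a dedicated directory that holds only the challenge files rather than the home directory.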
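Review bot: The `exit 1` inside the parentheses of `ls $CERTPATH || (sleep 10m; exit 1)` (PATCH 1/4, hunk `@@ -24,7 +25,7 @@`) only ends the subshell. Unless `set -e` is active in the part of the script outside the hunk, execution continues into "Creating update for secret..." with no certificate on disk. A brace group keeps the exit in the script's own shell: `ls "$CERTPATH" || { sleep 10m; exit 1; }`. The same parenthesised form is carried into PATCH 2/4 (`sleep 60m`) and PATCH 3/4 (`echo "sleeping 60m";sleep 60m; exit 1`). A one-line comment that the sleep exists to slow restarts against the production API rate limit would also help, since that reason is only in the commit subject.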
+++ b/kube-nginx-letsencrypt/entrypoint.sh @@ -15,17 +15,25 @@ NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) echo "Current Kubernetes namespce: $NAMESPACE" echo "Starting HTTP server..." +mkdir $HOME/.well-known +mkdir $HOME/.well-known/acme-challenge +echo "This is some text" > $HOME/.well-known/acme-challenge/blank cd $HOME python -m SimpleHTTPServer 80 & PID=$! +sleep 2m echo "Starting certbot..." certbot certonly --webroot -w $HOME -n --agree-tos --email ${EMAIL} --no-self-upgrade -d ${DOMAINS} -kill $PID echo "Certbot finished. Killing http server..." +ls $HOME +ls $HOME/.well-known +ls $HOME/.well-known/acme-challenge + echo "Finiding certs. Exiting if certs are not found ..." CERTPATH=/etc/letsencrypt/live/$(echo $DOMAINS | cut -f1 -d',') -ls $CERTPATH || (sleep 10m; exit 1) +ls $CERTPATH || (sleep 60m; exit 1) +kill $PID echo "Creating update for secret..." cat /secret-patch-template.json | \ @@ -49,3 +57,4 @@ curl \ -d @/secret-patch.json https://kubernetes/api/v1/namespaces/${NAMESPACE}/secrets/${SECRET} \ -k -v echo "Done" +sleep 60m \ No newline at end of file From a84ec12e8d4d7253df155ee88441d3d9147d535b Mon Sep 17 00:00:00 2001 From: William Dvorak Date: Mon, 5 Feb 2018 01:05:16 -0500 Subject: [PATCH 3/4] transfer --- README.md | 17 +++++++++++++++++ kube-nginx-letsencrypt/entrypoint.sh | 6 ++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 388ec5e..ef1bd47 100644 --- a/README.md +++ b/README.md 
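Review bot: Moving `kill $PID` below the certificate check in PATCH 2/4 (hunk `@@ -15,17 +15,25 @@`) leaves the HTTP server running through the whole `sleep 60m` on the failure path. Because the server is started after `cd $HOME` and certbot is given `-w $HOME`, everything in the home directory is readable on port 80 for that hour, not just the challenge files. The plain `mkdir` calls will also fail if the directories already exist. I would serve a dedicated directory that contains only `.well-known/acme-challenge`, pass that same directory to certbot, and register the kill in an EXIT trap so that no exit path leaves the server behind. The script begins and ends outside this hunk, so whether `set -e` is in effect cannot be seen from here.

```shell
echo "Starting HTTP server..."
# Serve a directory that contains only the ACME challenge tree.
WEBROOT=$(mktemp -d) || exit 1
mkdir -p "$WEBROOT/.well-known/acme-challenge"
echo "This is some text" > "$WEBROOT/.well-known/acme-challenge/blank"
cd "$WEBROOT" || exit 1
python -m SimpleHTTPServer 80 &
PID=$!
# Stop the server on every exit path, including the failure branch.
trap 'kill "$PID" 2>/dev/null' EXIT
# … unchanged: sleep 2m, "Starting certbot..." echo …
certbot certonly --webroot -w "$WEBROOT" -n --agree-tos --email "${EMAIL}" --no-self-upgrade -d "${DOMAINS}"
echo "Certbot finished. Killing http server..."
ls -R "$WEBROOT"
# … unchanged: CERTPATH lookup and check …
```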
@@ -1,3 +1,20 @@ # Kubernetes + Let's Encrypt Automatic Cert Generation Demo for how to automatically create https certs on Kubernetes using Let's encrypt + + +docker build -t gcr.io/dht-2718/letsencrypt:testserver . +gcloud docker -- push gcr.io/dht-2718/letsencrypt:testserver + +http://frameworthyfilms.com/.well-known/acme-challenge/blank + +POD=$(kubectl get pods | grep nginx | awk '{print $1}') +kubectl exec $POD -it bash +apt-get update && apt-get install curl -qq -y # Terrible, I know +curl letsencrypt # Name of the service + + +docker build -t gcr.io/dht-2718/letsencrypt:getcreds . +gcloud docker -- push gcr.io/dht-2718/letsencrypt:getcreds + + diff --git a/kube-nginx-letsencrypt/entrypoint.sh b/kube-nginx-letsencrypt/entrypoint.sh index 71ffee9..e34091b 100755 --- a/kube-nginx-letsencrypt/entrypoint.sh +++ b/kube-nginx-letsencrypt/entrypoint.sh @@ -21,6 +21,7 @@ echo "This is some text" > $HOME/.well-known/acme-challenge/blank cd $HOME python -m SimpleHTTPServer 80 & PID=$! +echo "sleeping 2m" sleep 2m echo "Starting certbot..." certbot certonly --webroot -w $HOME -n --agree-tos --email ${EMAIL} --no-self-upgrade -d ${DOMAINS} @@ -32,7 +33,7 @@ ls $HOME/.well-known/acme-challenge echo "Finiding certs. Exiting if certs are not found ..." CERTPATH=/etc/letsencrypt/live/$(echo $DOMAINS | cut -f1 -d',') -ls $CERTPATH || (sleep 60m; exit 1) +ls $CERTPATH || (echo "sleeping 60m";sleep 60m; exit 1) kill $PID echo "Creating update for secret..." @@ -57,4 +58,5 @@ curl \ -d @/secret-patch.json https://kubernetes/api/v1/namespaces/${NAMESPACE}/secrets/${SECRET} \ -k -v echo "Done" -sleep 60m \ No newline at end of file +echo "sleeping 60m" +sleep 60m From e1f2ade028cae65ddaaa263cd9aa2d34a4a3fb57 Mon Sep 17 00:00:00 2001 From: William Dvorak Date: Sun, 15 Apr 2018 19:40:23 -0400 Subject: [PATCH 4/4] end --- kube-nginx-letsencrypt/entrypoint.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/kube-nginx-letsencrypt/entrypoint.sh b/kube-nginx-letsencrypt/entrypoint.sh index e34091b..e4619bc 100755 --- a/kube-nginx-letsencrypt/entrypoint.sh +++ b/kube-nginx-letsencrypt/entrypoint.sh @@ -21,8 +21,8 @@ echo "This is some text" > $HOME/.well-known/acme-challenge/blank cd $HOME python -m SimpleHTTPServer 80 & PID=$! -echo "sleeping 2m" -sleep 2m +echo "sleeping 1m" +sleep 1m echo "Starting certbot..." certbot certonly --webroot -w $HOME -n --agree-tos --email ${EMAIL} --no-self-upgrade -d ${DOMAINS} echo "Certbot finished. Killing http server..." @@ -58,5 +58,3 @@ curl \ -d @/secret-patch.json https://kubernetes/api/v1/namespaces/${NAMESPACE}/secrets/${SECRET} \ -k -v echo "Done" -echo "sleeping 60m" -sleep 60m
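Review bot: The fixed `sleep 1m` before certbot in PATCH 4/4 (hunk `@@ -21,8 +21,8 @@`) has no stated purpose, and the series has already shortened it from two minutes to one without recording what it waits for. If it is there to give the cluster time to route port 80 to this pod, a comment such as `# wait for port 80 to be routed to this pod before certbot requests the challenge` would capture that. If it only waits for the local server to come up, polling `http://localhost/.well-known/acme-challenge/blank` until it answers would be more reliable than a timer. The script continues outside the hunk on both sides.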