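├── Dockerfile
├── README.md
├── build-push.sh
├── deployment-patch-template.json
├── entrypoint.sh
└── secret-patch-template.json

/Dockerfile:
--------------------------------------------------------------------------------
FROM fedora:24
MAINTAINER Seth Jennings

# certbot comes from the Fedora repos; /etc/letsencrypt is where it keeps its
# account data and the live/ certificate directories entrypoint.sh reads.
RUN dnf install certbot -y && dnf clean all
RUN mkdir /etc/letsencrypt

CMD ["/entrypoint.sh"]

COPY secret-patch-template.json /
COPY deployment-patch-template.json /
COPY entrypoint.sh /
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# kube-nginx-letsencrypt

Obtain and install Let's Encrypt certificates for Kubernetes Ingresses

https://hub.docker.com/r/sjenning/kube-nginx-letsencrypt/
--------------------------------------------------------------------------------
/build-push.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Build the image and push it to Docker Hub. The script pauses between the
# two steps so the operator can `docker login` first.
set -euo pipefail

# Single source for the tag so build and push cannot drift apart.
readonly IMAGE=sjenning/kube-nginx-letsencrypt:0.8.1-1

docker build --tag "$IMAGE" .
echo "docker login before continuing"
# Wait for Enter; EOF on stdin (non-interactive run) just continues.
read -r _ || true
docker push "$IMAGE"
--------------------------------------------------------------------------------
/deployment-patch-template.json:
--------------------------------------------------------------------------------
{
  "kind": "Deployment",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "NAME",
    "namespace": "NAMESPACE"
  },
  "spec": {
    "template": {
      "metadata": {
        "annotations": {
          "tlsUpdated": "TLSUPDATED"
        }
      }
    }
  }
}
--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Obtain a Let's Encrypt certificate for DOMAINS with certbot (HTTP-01
# challenge served by a throw-away web server on port 80), store it in the
# Kubernetes Secret SECRET and touch an annotation on DEPLOYMENT so its pods
# are rolled and pick the new certificate up.
#
# Required env vars: EMAIL, DOMAINS (comma-separated; the first name selects
# the certbot live/ directory), SECRET, DEPLOYMENT.
# Runs in-cluster: namespace, CA bundle and bearer token are read from the
# service-account mount and the API server is reached as https://kubernetes.

set -euo pipefail

if [[ -z ${EMAIL:-} || -z ${DOMAINS:-} || -z ${SECRET:-} || -z ${DEPLOYMENT:-} ]]; then
  printf '%s\n' "EMAIL, DOMAINS, SECRET, and DEPLOYMENT env vars required" >&2
  # List which variables are set, not their values: a full `env` dump would
  # copy every credential in the environment into the pod log.
  env | cut -d= -f1 | sort >&2
  exit 1
fi

readonly SA_DIR=/var/run/secrets/kubernetes.io/serviceaccount
readonly API=https://kubernetes
NAMESPACE=$(cat "${SA_DIR}/namespace")
readonly NAMESPACE

# Everything rendered below (the secret patch embeds the private key) lives in
# a private scratch directory that is removed on every exit path.
umask 077
work=$(mktemp -d)
readonly work
PID=

cleanup() {
  if [[ -n $PID ]]; then
    kill "$PID" 2>/dev/null || true
  fi
  rm -rf -- "${work:?}"
}
trap cleanup EXIT

#######################################
# Render a template by substituting placeholder tokens.
# Arguments: $1 - template path; then KEY=VALUE pairs, applied in order
# Outputs:   the rendered document on stdout
# The '|' delimiter is deliberate: base64 output contains '/', which would
# terminate a '/'-delimited sed expression. Values must not contain '|', '&'
# or '\' (the base64, date and Kubernetes-name values used here do not).
# Callers replace NAMESPACE before NAME, since the former contains the latter.
#######################################
render() {
  local template=$1
  shift
  local -a script=()
  local pair
  for pair in "$@"; do
    script+=(-e "s|${pair%%=*}|${pair#*=}|")
  done
  sed "${script[@]}" "$template"
}

#######################################
# Send a strategic-merge PATCH to the API server.
# Arguments: $1 - API path (without host); $2 - file holding the JSON body
# Outputs:   the API response on stdout
# Returns:   curl's status; --fail turns HTTP 4xx/5xx into a non-zero exit so
#            set -e stops the run instead of carrying on with an unpatched
#            object.
# The server is verified against the service-account CA only (no -k, which
# would silently disable that check), and the bearer token is supplied via a
# curl config file so it never appears in `ps` or `set -x` output.
#######################################
api_patch() {
  local path=$1 body=$2
  curl --silent --show-error --fail \
    --cacert "${SA_DIR}/ca.crt" \
    --config "${work}/curlrc" \
    --request PATCH \
    --header "Accept: application/json, */*" \
    --header "Content-Type: application/strategic-merge-patch+json" \
    --data "@${body}" \
    "${API}${path}"
}

printf 'header = "Authorization: Bearer %s"\n' "$(cat "${SA_DIR}/token")" \
  > "${work}/curlrc"

# Serve the HTTP-01 challenge from an empty directory rather than $HOME, so
# nothing else in the container is exposed on port 80 in the meantime.
webroot="${work}/webroot"
mkdir "$webroot"
cd "$webroot"
python -m SimpleHTTPServer 80 &
PID=$!

certbot certonly --webroot -w "$webroot" -n --agree-tos --email "${EMAIL}" \
  --no-self-upgrade -d "${DOMAINS}"
# Best effort: a server that already went away is not a failure of the run.
kill "$PID" 2>/dev/null || true
PID=

CERTPATH="/etc/letsencrypt/live/${DOMAINS%%,*}"
readonly CERTPATH
if [[ ! -d $CERTPATH ]]; then
  printf 'no certificate directory at %s\n' "$CERTPATH" >&2
  exit 1
fi

render /secret-patch-template.json \
  "NAMESPACE=${NAMESPACE}" \
  "NAME=${SECRET}" \
  "TLSCERT=$(base64 -w 0 "${CERTPATH}/fullchain.pem")" \
  "TLSKEY=$(base64 -w 0 "${CERTPATH}/privkey.pem")" \
  > "${work}/secret-patch.json"

# update secret
api_patch "/api/v1/namespaces/${NAMESPACE}/secrets/${SECRET}" \
  "${work}/secret-patch.json"

render /deployment-patch-template.json \
  "TLSUPDATED=$(date)" \
  "NAMESPACE=${NAMESPACE}" \
  "NAME=${DEPLOYMENT}" \
  > "${work}/deployment-patch.json"

# update pod spec on ingress deployment to trigger redeploy
api_patch "/apis/extensions/v1beta1/namespaces/${NAMESPACE}/deployments/${DEPLOYMENT}" \
  "${work}/deployment-patch.json"
--------------------------------------------------------------------------------
/secret-patch-template.json:
--------------------------------------------------------------------------------
{
  "kind": "Secret",
  "apiVersion": "v1",
  "metadata": {
    "name": "NAME",
    "namespace": "NAMESPACE"
  },
  "data": {
    "tls.crt": "TLSCERT",
    "tls.key": "TLSKEY"
  },
  "type": "Opaque"
}
--------------------------------------------------------------------------------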