This repository has been archived by the owner on Nov 26, 2024. It is now read-only.
certbot-cronjob.yml
# Kong needs an API (route) for the path /.well-known/acme-challenge that points
# at this Service. That route has no live backend most of the time: certbot in
# standalone mode is the HTTP server, and it only exists while a job run is
# trying to acquire certificates.
apiVersion: v1
kind: Service
metadata:
  name: kong-certbot-agent
spec:
  # ClusterIP: reachable from inside the cluster only, i.e. through Kong.
  type: ClusterIP
  # Must match the pod labels set in the CronJob's pod template.
  selector:
    app: kong-certbot
  ports:
    # HTTP port for the ACME challenge requests that Kong forwards here.
    - name: certbot
      protocol: TCP
      port: 80
      targetPort: 80
    # NOTE(review): the CronJob container only declares containerPort 80;
    # confirm the agent actually listens on 443 before routing anything to it.
    - name: certbot-ssl
      protocol: TCP
      port: 443
      targetPort: 443
---
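# Edit the environment variables at the bottom of this manifest before applying.
#
# backoffLimit: 0 together with restartPolicy: Never makes a failed run stop
# instead of retrying in a loop, so an initial misconfiguration cannot exhaust
# your Let's Encrypt (LE) quotas.
#
# batch/v1 is the stable CronJob API (Kubernetes 1.21+). The batch/v1beta1
# version this manifest originally used was removed in Kubernetes 1.25; switch
# back to batch/v1beta1 only on clusters older than 1.21.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: kong-certbot-agent
spec:
  # Runs at 01:07 on the 1st of every month.
  # The original expression was "7 1 */60 * * " with the comment "every 60
  # days". Cron cannot express that: the day-of-month field only spans 1-31, so
  # a step of 60 matches day 1 alone. The schedule is spelled out here (and the
  # trailing space dropped) so the manifest says what it actually does.
  schedule: "7 1 1 * *"
  # Never start a new run while a previous one is still active.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      completions: 1
      # No retries on failure (see the note on LE quotas above).
      backoffLimit: 0
      template:
        # Labels must match the selector of the kong-certbot-agent Service.
        metadata:
          labels:
            app: kong-certbot
        spec:
          restartPolicy: Never
          # NOTE(review): if the agent never calls the Kubernetes API, consider
          # setting `automountServiceAccountToken: false` on this pod spec.
          containers:
            - name: runtime
              # Floating major tag: with imagePullPolicy: Always every run
              # executes whatever image is currently published under ":3".
              # This job obtains TLS certificates and their private keys, so for
              # an auditable deployment pin an exact major.minor.patch tag or a
              # digest (phpdockerio/kong-certbot-agent@sha256:<digest>).
              image: phpdockerio/kong-certbot-agent:3
              # Required for as long as the tag above is not an exact release.
              imagePullPolicy: Always
              ports:
                - name: web
                  containerPort: 80
                  protocol: TCP
              env:
                - name: TERM
                  value: "linux"
                # Base URL of the Kong Admin API. This is plain HTTP, so whatever
                # the agent sends (presumably the issued certificate and private
                # key - confirm against the agent's documentation) crosses the
                # network unencrypted. Keep this an in-cluster address and
                # restrict which workloads can reach the admin port.
                - name: KONG_ENDPOINT
                  value: "http://base.path.to.kong.admin:8001"
                # Contact address for the Let's Encrypt account. Placeholder:
                # the published page showed an obfuscated "[email protected]",
                # which is not valid YAML. Replace with your own address.
                - name: EMAIL
                  value: "admin@example.com"
                - name: DOMAINS
                  value: "comma.separated,list.of,domains.and.subdomains"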