Add support for K8S Ingress resources about docker-letsencrypt HOT 7 OPEN

👍 this would be awesome!

from docker-letsencrypt.

I've was planning on building something quite similar to this so I used this is a starting point.
Here's what I added/changed...

• Made the changes to get it working with multiple domains and Ingress.
• Added a health check on / so that it returns 200 OK.
• Updated the kubectl version to be in line with docker best practice and make updating easier.
• I made the secret unique per domain and made it customizable

I'd be glad to contribute back some of what I've done if interested...

My plans are to make this more dynamic such that on a service that you want to have SSL, simply add a label and it will dynamically get picked up and handled.

https://github.com/phutchins/kubernetes-ssl-manager

from docker-letsencrypt.

@phutchins sounds fantastic. Please do contribute back and I'll happily test and merge.

from docker-letsencrypt.

from docker-letsencrypt.

@alexcouper Something tells me that it depends on implementation. There are different types of ingress controllers available: GCE, Nginx.

I think config reloading on certificate change should be part of their job and not this package.

Alternatively, we could create new secret (in format $SECRET_NAME_<timestamp>) when certs are updated and simply patch Ingress resource with a new value. Old secrets should not be a problem, since K8S 1.3 will come with garbage collector of unused Secrets and ConfigMaps.

from docker-letsencrypt.

true that would work.

The other thing that had concerned me was not knowing how to route through to letsencrypt pod for some requests (like is done in nginx-ssl-proxy) - but I see now that this is entirely possible using the nginx ingress controller

So in summary, go for it, looking forward to seeing the PR!

from docker-letsencrypt.

Part of this has been done in #13 (including the new data keys in the secret)

from docker-letsencrypt.