rancher-auto-certs-v2

command module
v0.0.0-...-439ecf9 Latest
Published: Jun 14, 2021 License: MIT Imports: 23 Imported by: 0

README

Rancher Auto Certs v2

https://github.com/jonremy/rancher-auto-certs with wildcard support

DNS Provider setup

OVH
Environment Variable Name  Description
OVH_APPLICATION_KEY        Application key
OVH_APPLICATION_SECRET     Application secret
OVH_CONSUMER_KEY           Consumer key
OVH_ENDPOINT               Endpoint URL (ovh-eu or ovh-ca)

Create keys at https://eu.api.ovh.com/createToken/

Field               Value
Script name         rancher-auto-certs-v2
Script description  Resolve ACME DNS-01 challenge
Validity            Unlimited
Rights              POST /domain/zone/[FQDN]/record
Rights              POST /domain/zone/[FQDN]/refresh
Rights              DELETE /domain/zone/[FQDN]/record/*

More documentation at https://github.com/ovh/go-ovh#use-the-api-for-a-single-user

Warning: see https://community.ovh.com/t/createtoken-invalid-account-password/12454/2

Configuring multiple providers

Provider settings are normally read from the process environment. If a provider must be instantiated multiple times (for instance, for domains registered on different accounts), these environment variables can instead be defined in the config file. See example.

HTTP Provider setup

ACME tokens will be written to /media/acme-challenge/.well-known/acme-challenge/.

Rancher setup

Environment Variable Name  Description
CATTLE_URL                 The URL that is in the host registration
CATTLE_ACCESS_KEY          An access key for the environment that the service is being launched in
CATTLE_SECRET_KEY          A secret key for the access key

These environment variables are automatically provisioned for service accounts. Add the following labels to the Rancher service:

Key                               Value        Description
io.rancher.container.create_agent true         Used to indicate that the service account API keys will be passed as environment variables on each container
io.rancher.container.agent.role   environment  Used to indicate what kind of role the account will be. The value to use for creating service accounts will be environment

More documentation at https://rancher.com/docs/rancher/v1.6/en/rancher-services/service-accounts/

Configuration

Configuration is stored in config/config.yml. See example.

It populates a globalConfig struct defined by the following:

type certConfig struct {
	AccountEmail       string `yaml:"account_email"`
	AccountKey         string `yaml:"account_key"`
	CA                 string
	Challenge          string
	CreateKeyIfMissing *bool `yaml:"create_key_if_missing"` // boolean pointer here to differentiate empty value from zero value
	Description        string
	Domains            []string
	DumpPath           string            `yaml:"dump_path,omitempty"`
	Env                map[string]string `json:",omitempty" yaml:",omitempty"`
	KeyType            string            `yaml:"key_type"`
	Name               string
	Provider           string `json:",omitempty" yaml:",omitempty"`
}

type defaultConfig struct {
	AccountEmail       string `yaml:"account_email"`
	AccountKey         string `yaml:"account_key"`
	CA                 string
	Challenge          string
	CreateKeyIfMissing bool `yaml:"create_key_if_missing"`
	Description        string
	DumpPath           string `yaml:"dump_path,omitempty"`
	KeyType            string `yaml:"key_type"`
	Provider           string `json:",omitempty" yaml:",omitempty"`
}

type globalConfig struct {
	Default defaultConfig
	Certs   []certConfig
}

Each missing key in certConfig is then populated by values from defaultConfig.
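
The merge described above, sketched as an added example (not the project's own code): applyDefaults and pick are hypothetical helpers, the structs are trimmed copies of the ones on this page, and the config values are constructed. It shows why CreateKeyIfMissing is a pointer: with a plain bool, an explicit create_key_if_missing: false would be indistinguishable from a missing key and a default of true would silently override it.

```go
package main

import "fmt"

// Trimmed copies of the page's structs (YAML tags and unused fields omitted).
type certConfig struct {
	Challenge          string
	CreateKeyIfMissing *bool // nil means the key was absent from the YAML
	KeyType            string
	Name               string
	Provider           string
}

type defaultConfig struct {
	Challenge          string
	CreateKeyIfMissing bool
	KeyType            string
	Provider           string
}

// pick (hypothetical helper) returns v unless it is empty, else def.
func pick(v, def string) string {
	if v == "" {
		return def
	}
	return v
}

// applyDefaults (hypothetical helper) fills every unset field of c from d.
func applyDefaults(c certConfig, d defaultConfig) certConfig {
	c.Challenge = pick(c.Challenge, d.Challenge)
	c.KeyType = pick(c.KeyType, d.KeyType)
	c.Provider = pick(c.Provider, d.Provider)
	if c.CreateKeyIfMissing == nil { // only nil inherits; an explicit false is kept
		v := d.CreateKeyIfMissing
		c.CreateKeyIfMissing = &v
	}
	return c
}

func main() {
	// Constructed sample values, not taken from the project's example config.
	no := false
	d := defaultConfig{Challenge: "dns-01", CreateKeyIfMissing: true, KeyType: "RSA2048", Provider: "ovh"}
	a := applyDefaults(certConfig{Name: "wildcard"}, d)
	b := applyDefaults(certConfig{Name: "pinned", Challenge: "http-01", CreateKeyIfMissing: &no}, d)
	fmt.Println(a.Name, a.Challenge, a.Provider, *a.CreateKeyIfMissing) // inherits every default
	fmt.Println(b.Name, b.Challenge, b.Provider, *b.CreateKeyIfMissing) // explicit false survives
}
```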

Documentation

There is no documentation for this package.
