forked from Hagbarth/kubernetes-certbot
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrun.sh
executable file
·36 lines (33 loc) · 1.12 KB
/
run.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#/bin/bash -e
EMAIL="${2}"
DOMAINS="${3}"
SECRET_NAMESPACE="${4:-default}"
DOMAIN_MAIN="$(echo $DOMAINS | sed 's/,.*//')"
SECRET_NAME_PREFIX="${SECRET_NAME_PREFIX:-letsencrypt}"
SECRET_NAME="${SECRET_NAME_PREFIX}-${1}"
echo "Generating certificate ${DOMAIN}"
letsencrypt-auto \
--non-interactive \
--agree-tos \
--standalone \
--standalone-supported-challenges http-01 \
--http-01-port 80 \
--email "${EMAIL}" \
--domains "${DOMAINS}" \
certonly
echo "Generating kubernetes secret ${SECRET_NAME} (namespace ${SECRET_NAMESPACE})"
(cat << EOF
apiVersion: v1
kind: Secret
metadata:
name: "${SECRET_NAME}"
namespace: "${SECRET_NAMESPACE}"
type: Opaque
data:
cert.pem: "$(cat /etc/letsencrypt/live/${DOMAIN_MAIN}/cert.pem | base64 --wrap=0)"
chain.pem: "$(cat /etc/letsencrypt/live/${DOMAIN_MAIN}/chain.pem | base64 --wrap=0)"
fullchain.pem: "$(cat /etc/letsencrypt/live/${DOMAIN_MAIN}/fullchain.pem | base64 --wrap=0)"
privkey.pem: "$(cat /etc/letsencrypt/live/${DOMAIN_MAIN}/privkey.pem | base64 --wrap=0)"
EOF
) > "${SECRET_NAMESPACE}-${SECRET_NAME}.yml"
kubectl apply -f "${SECRET_NAMESPACE}-${SECRET_NAME}.yml"