-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpod.yaml
53 lines (48 loc) · 1.64 KB
/
pod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
api: 1.0.0-beta1
runtime: podman
podVersion: 0.1.1
volumes:
- name: certs
type: volume
# The certs_list contains certs.txt, a file which states what certificates to issue.
- name: certs_list
type: config
containers:
- name: renewer
image: ghcr.io/simplenetes-io/letsencrypt-renewer:${podVersion}
restart: on-interval:86400
env:
- name: daysUntilExpire
value: 20
mounts:
# New certs are stored to /mnt/certs
- volume: certs
dest: /mnt/certs
- volume: certs_list
dest: /mnt/certs_list
expose:
# This is where the letsencrypt service is connecting to.
- targetPort: 8080
hostPort: ${HOSTPORTAUTO1}
clusterPort: ${CLUSTERPORTAUTO1}
ingress:
- protocol: http
weight: 999999
pathBeg: /.well-known/acme-challenge/
- name: certs_server
# This nginx container serves the bundle of certs to anyone internally asking for it.
image: ghcr.io/simplenetes-io/letsencrypt-server:${podVersion}
restart: always
signal:
- sig: HUP
mounts:
- volume: certs
dest: /mnt/certs
expose:
- targetPort: 80
hostPort: ${HOSTPORTAUTO2}
# It is VERY important that this exposed port does NOT have an ingress,
# because then anybody could surf in and download the cert bundles.
# By fixating the clusterPort to 64000 or above Simplenetes will always
# reject any ingress configuration for it.
clusterPort: 64000