math-nao / Certs
Licence: apache-2.0
A Let's Encrypt certificates manager for Kubernetes
Stars: ✭ 96
Programming Languages
shell
77523 projects
Labels
Projects that are alternatives of or similar to Certs
Mailserver
⚠️ UNMAINTAINED - Simple and full-featured mail server using Docker
Stars: ✭ 1,267 (+1219.79%)
Mutual labels: letsencrypt
Alidns Webhook
Cert manager acme dns01 webhook provider for alidns
Stars: ✭ 57 (-40.62%)
Mutual labels: letsencrypt
Docker Letsencrypt Certgen
Docker image to generate, renew, revoke RSA and/or ECDSA SSL certificates from LetsEncrypt CA using certbot and acme.sh clients in automated fashion
Stars: ✭ 64 (-33.33%)
Mutual labels: letsencrypt
Certbot Install
Install the latest Certbot in a breeze. Great for Ubuntu Focal 20.04, and other Linux/Mac.
Stars: ✭ 50 (-47.92%)
Mutual labels: letsencrypt
Dockerweb
A docker-powered bash script for shared web hosting management. The ultimate Docker LAMP/LEMP Stack.
Stars: ✭ 89 (-7.29%)
Mutual labels: letsencrypt
Letscertbot
Let's Certbot is a tool builds automated scripts base on Certbot for obtaining, renewing, deploying SSL certificates.
Stars: ✭ 84 (-12.5%)
Mutual labels: letsencrypt
Piholecloudflared
Raspberry Pi setup with Pi-Hole, CloudflareD, DHCP as the ultimate Ad-blocker
Stars: ✭ 57 (-40.62%)
Mutual labels: letsencrypt
Dockerize Your Dev
Docker compose a VM to get LetsEncrypt / NGINX proxy auto provisioning, ELK logging, Prometheus / Grafana monitoring, Portainer GUI, and more...
Stars: ✭ 61 (-36.46%)
Mutual labels: letsencrypt
Acmesharp
An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
Stars: ✭ 1,161 (+1109.38%)
Mutual labels: letsencrypt
Netcore Postgres Oauth Boiler
A basic .NET Core website boilerplate using PostgreSQL for storage, Adminer for db management, Let's Encrypt for SSL certificates and NGINX for routing.
Stars: ✭ 57 (-40.62%)
Mutual labels: letsencrypt
Certify
SSL Certificate Manager UI for Windows, powered by Let's Encrypt. Download from certifytheweb.com
Stars: ✭ 1,075 (+1019.79%)
Mutual labels: letsencrypt
Intercert
Use Let's Encrypt on private (LAN) servers using DNS validation
Stars: ✭ 68 (-29.17%)
Mutual labels: letsencrypt
Rancher Lets Encrypt
Automatically create and manage certificates in Rancher using Let's Encrypt webroot verification via a minimal service
Stars: ✭ 88 (-8.33%)
Mutual labels: letsencrypt
A Let's Encrypt certificates manager for Kubernetes
This chart use the acme.sh script to generate Let's Encrypt certifcates with DNS validation only; it uses Kubernetes Job
to get and renew certificates.
Ingress annotations
Name | Example | Description |
---|---|---|
acme.kubernetes.io/enable | "true" |
Enable Certs on this ingress when value is set to "true" .Default value is empty. |
acme.kubernetes.io/dns | "dns_gd" |
Set the acme.sh --dns parameter: (see [https://github.com/Neilpang/acme.sh/wiki/dnsapi] for all --dns supported values).Default value is empty. |
acme.kubernetes.io/staging | "true" |
Enable acme staging certificate validation when value is set to "true" .Default value is empty. |
acme.kubernetes.io/add-args | "--keylength ec-256" |
Add more arguments to acme.sh command used to generate certificates.Default value is empty. |
acme.kubernetes.io/cmd-to-use | "acme.sh -h" |
Replace the acme.sh command to use for generating certificates.Default value is empty. |
Chart configuration
Parameter | Default | Description |
---|---|---|
image.registry | mathnao |
Set the docker image registry to use. |
image.repository | certs |
Set the docker image repository to use. |
image.tag | tag |
Set the docker image tag to use. |
schedule | 0 0,12 * * * |
Set the job schedule to run dns validation for certificate renew. |
backoffLimit | 1 |
Specify the number of retries before considering a job as failed. |
activeDeadlineSeconds | 600 |
Set an active deadline for terminatting a job. |
ttlSecondsAfterFinished | 120 |
Set a TTL for cleaning a job. |
successfulJobsHistoryLimit | 3 |
Specify how many completed jobs should be kept. |
manageAllNamespaces | false |
Whether or not certs should manage all namespaces for generating certificates. |
debug | false |
Display more logs when value is set to "true" . |
failedJobsHistoryLimit | 1 |
Specify how many failed jobs should be kept. |
env | [] |
List all environment variables needed to run a acme.sh dns validation for certificate renew. |
demo.enabled | false |
Enable a demo backend for test purpose. |
demo.image | mathnao/light-test-server |
Set the docker image to use for the demo backend |
demo.service.type | ClusterIP |
Set the service type for the demo backend |
demo.service.port | 8080 |
Set the service port for the demo backend |
demo.secretName | demo-ingress-cert |
Set the secret name for storing generated certificates |
demo.hosts | - "example.com" |
Set the list of your hosts to generate Let's Encrypt certificate |
Deployment example
1/ Have your Ingress Controller deployed and ready
2/ Register your ingress, for example:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
acme.kubernetes.io/enable: "true"
acme.kubernetes.io/dns: "dns_gd"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- sslexample.foo.com
secretName: testsecret-tls
rules:
- host: sslexample.foo.com
http:
paths:
- path: /
backend:
serviceName: service1
servicePort: 80
3/ Install Certs
chart:
# Add the `Certs` Helm repository
helm repo add certs https://math-nao.github.io/certs/charts
# Update your local Helm chart repository cache
helm repo update
# Install the `Certs` Helm chart in the same namespace than your ingresses
helm install \
--name certs \
--namespace app \
--values values.yaml \
certs/certs
values.yaml
file may content for example:
# schedule a Kubernetes Job twice a day, certificate is renewed only if it is going to expire soon
schedule: "0 2,14 * * *"
# add all necessary environment variables for acme.sh dns validation
# see https://github.com/Neilpang/acme.sh/wiki/dnsapi
env:
- name: GD_Key
value: XXXX
- name: GD_Secret
value: XXXX
4/ Visit https://sslexample.foo.com
webpage, you should have a valid Let's Encrypt certificate
Acknowledgments
acme.sh: https://github.com/Neilpang/acme.sh
License
This code is distributed under the Apache License, Version 2.0, see LICENSE for more information.
Donates
Your donation helps to maintain Certs
:
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].