Configure K8s deployment for easy LetsEncrypt verification.

This is not the certificate setup we will use in production. I'd like to merge this configuration as a reference point because this is the easiest way to handle manual LetsEncrypt verification within the cluster. This allows NGINX to serve static files over HTTP from the ".well-known/acme-challenge" directory, which is necessary for certbot validation of domain ownership.
2019-11-14 09:51:35 -05:00
parent 9c086e2f85
commit 79eb691907
5 changed files with 56 additions and 37 deletions
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -70,6 +70,8 @@ spec:
              mountPath: "/etc/ssl/private"
            - name: nginx-client-ca-bundle
              mountPath: "/etc/ssl/"
+            - name: acme
+              mountPath: "/usr/share/nginx/html/.well-known/acme-challenge/"
      volumes:
        - name: atst-config
          secret:
@@ -118,6 +120,10 @@ spec:
            - key: cert
              path: pgsslrootcert.crt
              mode: 0666
+        - name: acme
+          configMap:
+            name: acme-challenges
+            defaultMode: 0666
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment