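# Podman Quadlet container unit, stored as a template: the double-brace
# placeholders must be substituted before the file is installed.
# Judging by Description= and the Exec= arguments, it runs the fetchcert image
# once to write a certificate and its private key under /etc/fetchcert/certs.
[Unit]
Description=Fetch HTTPS certificate from Kubernetes Secret API
# The image registry and the Kubernetes API are both reached over the network,
# so pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target
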
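[Container]
# NOTE(review): no tag or digest is given, so this resolves to the registry's
# "latest" tag and the code that handles the private key can change between
# runs. Consider pinning, e.g. ...fetchcert@sha256:<DIGEST> (placeholder).
Image=git.pyrocufflink.net/containerimages/fetchcert
# Arguments: namespace, secret name, key output path, certificate output path.
# The template values are inserted verbatim and unquoted; a value containing
# whitespace would be split into extra arguments, so keep them to plain names.
Exec={{ fetchcert.namespace }} {{ fetchcert.secret }} /etc/fetchcert/certs/{{ fetchcert.key }} /etc/fetchcert/certs/{{ fetchcert.cert }}
# Read-only root filesystem; ReadOnlyTmpfs keeps the usual scratch locations
# (/tmp, /run, ...) writable as tmpfs so nothing persists outside the volumes.
ReadOnly=yes
ReadOnlyTmpfs=yes
# Configuration directory is mounted read-only. Its contents are not shown
# here - presumably the credentials used against the Kubernetes API; confirm
# the files are readable only by the account that runs this unit.
# NOTE(review): unlike the certs volume below, this mount has no SELinux
# relabel option - confirm the container can read it on enforcing hosts.
Volume=/etc/fetchcert:/etc/fetchcert:ro
# The only writable host path. It is nested inside the read-only mount above,
# so the container can write certificate output but cannot modify the rest of
# /etc/fetchcert (including postupdate.sh, which the host runs afterwards).
# "z" applies a shared SELinux label to the directory.
Volume=/etc/fetchcert/certs:/etc/fetchcert/certs:rw,z
# The Secret, private key included, travels over this connection: use an
# https:// URL. Whether fetchcert verifies the API server certificate cannot
# be told from this file - confirm.
Environment=KUBERNETES_URL={{ fetchcert.kubernetes_url }}
# Least privilege: every capability is dropped and only CAP_CHOWN is added
# back (presumably so the written files can be given their final owner).
# The two options combine regardless of the order they are listed in.
AddCapability=CAP_CHOWN
DropCapability=all
# Block privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=yes
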
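[Service]
# Run to completion once per start; how the unit is scheduled is not shown here.
Type=oneshot
# Exit code 20 from the container counts as success in addition to 0.
# NOTE(review): the meaning of 20 is defined by fetchcert and not visible in
# this file - document it here once confirmed.
SuccessExitStatus=20
# Runs on the host before the container starts, so the bind-mount source
# exists. The directory is created with the unit's default umask; the private
# key is written here, so verify the directory and key file modes are as
# restrictive as the certificate's consumers allow.
ExecStartPre=/bin/mkdir -p /etc/fetchcert/certs
# Runs on the host, outside the container and with this unit's privileges,
# every time the service stops, including after a failed run; the leading "-"
# ignores a missing script or a non-zero exit. Keep the script owned by and
# writable only for the account that runs this unit.
ExecStopPost=-/etc/fetchcert/postupdate.sh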