ignition

Commit Graph

Author	SHA1	Message	Date
Dustin	d907b47db1	fetchcert: Add script to fetch certs from K8s Since Fedora CoreOS machines are not managed by Ansible, we need another way to keep the HTTPS certificate up-to-date. To that end, I've added the `fetchcert.sh` script, along with a corresponding systemd service and timer unit, that will fetch the latest certificate from the Secret resource managed by the Kubernetes API. The script authenticates with a long-lived bearer token associated with a particular Kubernetes service account and downloads the current Secret to a local file. If the certificate in the Secret is different than the one already in place, the certificate and key files are updated and nginx is reloaded.	2023-09-21 22:30:23 -05:00

Author

SHA1

Message

Date

Dustin

d907b47db1

fetchcert: Add script to fetch certs from K8s

Since Fedora CoreOS machines are not managed by Ansible, we need another
way to keep the HTTPS certificate up-to-date.  To that end, I've added
the `fetchcert.sh` script, along with a corresponding systemd service
and timer unit, that will fetch the latest certificate from the Secret
resource managed by the Kubernetes API.  The script authenticates with
a long-lived bearer token associated with a particular Kubernetes
service account and downloads the current Secret to a local file.  If
the certificate in the Secret is different than the one already in
place, the certificate and key files are updated and nginx is reloaded.

2023-09-21 22:30:23 -05:00

1 Commits (b5455e519a3c716783087a82e3a8d290af901029)