Deploying acme.sh in k8s

Create the Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: acme-sh-deployment
  labels:
    app: acme-sh
spec:
  replicas: 1
  selector:
    matchLabels:
      app: acme-sh
  template:
    metadata:
      labels:
        app: acme-sh
    spec:
      volumes:
      - name: acme-sh # mount the config files and issued certificates onto the host
        hostPath:
          path: /data/acme.sh
      containers:
      - name: acme-sh
        image: neilpang/acme.sh:latest
        args: ["daemon"] # run in daemon mode
        env:
        - name: "DP_Id" # DNSPod API access
          value: "****"
        - name: "DP_Key" # DNSPod API access
          value: "****"
        volumeMounts:
        - name: acme-sh
          mountPath: /acme.sh
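
The manifest above puts DP_Id and DP_Key into the Deployment spec as literal values, so anyone who can read the Deployment can read the DNSPod API credentials. The variant below is an added example, not part of the original post: it moves them into a Secret and references them with secretKeyRef. The Secret name acme-sh-dnspod and its key names are assumptions.

```yaml
# Added example: DNSPod credentials kept in a Secret, not in the Deployment spec.
# The Secret name "acme-sh-dnspod" and its key names are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: acme-sh-dnspod
type: Opaque
stringData:
  DP_Id: "****"   # placeholder, as in the original manifest
  DP_Key: "****"  # placeholder, as in the original manifest
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: acme-sh-deployment
  labels:
    app: acme-sh
spec:
  replicas: 1
  selector:
    matchLabels:
      app: acme-sh
  template:
    metadata:
      labels:
        app: acme-sh
    spec:
      volumes:
      - name: acme-sh
        hostPath:
          path: /data/acme.sh
      containers:
      - name: acme-sh
        image: neilpang/acme.sh:latest
        args: ["daemon"]
        env:
        - name: "DP_Id"    # value is read from the Secret at container start
          valueFrom:
            secretKeyRef:
              name: acme-sh-dnspod
              key: DP_Id
        - name: "DP_Key"
          valueFrom:
            secretKeyRef:
              name: acme-sh-dnspod
              key: DP_Key
        volumeMounts:
        - name: acme-sh
          mountPath: /acme.sh
```

acme.sh saves the DNS API credentials to account.conf in its working directory after use, so /data/acme.sh on the host holds them alongside the certificate private keys and should be readable only by root.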

Register the account

kubectl exec acme-sh-deployment-**********-***** -- acme.sh --register-account -m xxx@example.com

Configure the domains

kubectl exec acme-sh-deployment-**********-***** -- acme.sh --issue --dns dns_dp -d "example.com" -d "www.example.com" -d "*.example.com"

Add the certificate to a k8s secret

kubectl create secret tls dev-f-tls --cert=/data/acme.sh/example.com/example.com.cer --key=/data/acme.sh/example.com/example.com.key

Automatic renewal with cron

0 0 * * *  kubectl create secret tls dev-f-tls --cert=/data/acme.sh/example.com/example.com.cer --key=/data/acme.sh/example.com/example.com.key --dry-run=client --save-config=true  -o yaml| kubectl apply -f -  > /dev/null 2>&1 &

Cluster

In cluster mode, the volumes should be changed to mount a network drive or other storage.

fyn