Merge pull request #41 from phpdocker-io/remove-cron

Remove built-in cron and matching kubernetes deployment

Dockerfile

@@ -17,16 +17,14 @@ ENV DOMAINS=foo.com,www.foo.com,bar.foo.com
 RUN  echo "deb http://ppa.launchpad.net/certbot/certbot/ubuntu bionic main" > /etc/apt/sources.list.d/letsencrypt.list \
     && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF576066ADA65728FC7E70A8C47BE8E75BCA694 \
     && apt-get update \
-    && apt-get -y --no-install-recommends install nano cron certbot \
+    && apt-get -y --no-install-recommends install certbot \
     && apt-get clean; rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
 # Composer config - add early to benefit from docker build caches
 COPY composer.* /workdir/
 RUN composer -o install --no-dev
 
-# App and crontab
 COPY . /workdir/
-RUN ln -s /workdir/crontab /var/spool/cron/crontabs/root
 
 # Expose HTTP/HTTPS ports for certbot standalone
 EXPOSE 80 443

README.md

@@ -13,9 +13,10 @@ There's an example [kubernetes cronjob](kubernetes/certbot-cronjob.yml) you can
 
 ## Compatibility
 
-  * Kong >= 0.14: use Kong Certbot Agent 2.x.
-  * Kong <= 0.13: use Kong Certbot Agent 1.x.
-
+  * Kong Certbot Agent 3.x: compatible with Kong 0.14 and 1.x. Kubernetes examples compatible with Kubernetes >= 1.8
+  * Kong Certbot Agent 2.x: compatible with Kong 0.14 and 1.x.  Kubernetes examples compatible with Kubernetes <= 1.8
+  * Kong Certbot Agent 1.x: compatible with Kong <= 0.13.  Kubernetes examples compatible with Kubernetes <= 1.8
+
 ## How to
 
 ### Run the container
@@ -88,13 +89,11 @@ Then, associate this route to it:
 
 ## Kubernetes
 
-Head off to the [Kubernetes deployment configuration](kubernetes) for examples, using a Kubernetes service
-plus either a [deployment (deprecated)](kubernetes/certbot-cron.yml), or a [kubernetes cronjob](kubernetes/certbot-cronjob.yml). 
+Here's a [kubernetes cronjob example](kubernetes/certbot-cronjob.yml).
 
-Note that the cron deployment is legacy stuff, from before Kubernetes had `CronJob` (pre 1.4). Please use a proper kubernetes
-`CronJob` object for scheduling.
+### Note
 
-Note: your k8s service will always time out since there's nothing listening on HTTP except for when certbot itself is 
+Your k8s service SHOULD always time out since there's nothing listening on HTTP except for when certbot itself is 
 running and requesting certs from LE.
 
 ## Command line tool
@@ -126,12 +125,13 @@ docker run -it --rm phpdockerio/kong-certbot-agent \
 
 You can give the agent a pretty big list of domains to acquire certificates for (100), but bear in mind it will be one certificate 
 shared among all of them. You might want to set up different cronjobs for different sets of certificates, grouped in a manner
-that makes sense to you.
+that makes sense to you. Also, if one of the domains you're getting a certificate from fails the HTTP challenge, cert acquisition
+for the whole group fails.
 
 ### How about wildcard certs?
 
 Unfortunately, certbot does not support http challenges on wildcard certs, needing to resort to other types (like DNS). 
-Due to the way certbot agent works, this will never be supported by the agent. 
+Due to the way certbot agent works, this will never be supported by the agent.
 
 ### Any considerations on a first time set up?
 

kubernetes/certbot-cronjob.yml

@@ -22,6 +22,8 @@ spec:
 ---
 
 # Make sure you edit your config below at the environment vars
+# Ensures certbot doesn't loop forever on fail to avoid exhausting your LE quotas in case of initial misconfiguration
+
 
 apiVersion: batch/v1beta1
 kind: CronJob
@@ -33,31 +35,29 @@ spec:
   concurrencyPolicy: Forbid
   jobTemplate:
     spec:
+      completions: 1
+      backoffLimit: 0
       template:
         # Matches selector on service above
         metadata:
           labels:
             app: kong-certbot
         spec:
-          # Ensure certbot doesn't loop forever on fail to avoid exhausting your LE quotas in case of initial misconfiguration
-          completions: 1
-          backoffLimit: 0
           restartPolicy: Never
-
           containers:
-          - name: runtime
-            image: phpdockerio/kong-certbot-agent:latest
-            command: [ "/workdir/certbot-agent", "certs:update", "$(KONG_ENDPOINT)", "$(EMAIL)", "$(DOMAINS)" ]
-            ports:
-            - name: web
-              containerPort: 80
-              protocol: TCP
-            env:
-              - name: TERM
-                value: linux
-              - name: KONG_ENDPOINT
-                value: http://base.path.to.kong.admin:8001
-              - name: EMAIL
-                value: letsencrypt@registration.email
-              - name: DOMAINS
-                value: comma.separated,list.of,domains.and.subdomains
+            - name: runtime
+              image: phpdockerio/kong-certbot-agent:3.0.0
+              command: [ "/workdir/certbot-agent", "certs:update", "$(KONG_ENDPOINT)", "$(EMAIL)", "$(DOMAINS)" ]
+              ports:
+                - name: web
+                  containerPort: 80
+                  protocol: TCP
+              env:
+                - name: TERM
+                  value: linux
+                - name: KONG_ENDPOINT
+                  value: http://base.path.to.kong.admin:8001
+                - name: EMAIL
+                  value: letsencrypt@registration.email
+                - name: DOMAINS
+                  value: comma.separated,list.of,domains.and.subdomains