As services grow in number, it becomes more tedious to add new service domains to the DOMAINS var in the letsencrypt stack. In my use case, most of the time, domains added to letsencrypt get added to the (cattle) load balancer too. So why not make it automatically fetch domains from the load balancer?
I'm not yet familiar with the rancher-letsencrypt codebase, but here's roughly my implementation idea:
Additional env vars with sample values:
DOMAINS_FROM_LB: stackname/lbservice
DOMAINS_FILTER: *.example.com
I have found that we can query certain lb's upstream hosts by making requests to Cattle's internal metadata service:
What do you think? Any edge cases we should be cautious about?
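
The filtering step of the idea above, as an added example that is not part of the original post or of the rancher-letsencrypt code: hostnames taken from load balancer rules are normalised and matched against the DOMAINS_FILTER glob before any certificate would be requested. The rule JSON shape, the `domainsFromRules` name and the sample data are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"sort"
	"strings"
)

// Constructed sample standing in for the rules returned for stackname/lbservice.
const sampleRules = `[{"hostname": "app.example.com"}, {"hostname": "API.example.com."},
 {"hostname": "app.example.com"}, {"hostname": "*.example.com"}, {"hostname": ""},
 {"hostname": "app.example.com.internal.test"}, {"hostname": "example.org"}]`

// domainsFromRules returns the sorted, unique hostnames that match the DOMAINS_FILTER glob.
func domainsFromRules(raw []byte, filter string) ([]string, error) {
	// Only the hostname of each rule is read (assumed JSON shape).
	var rules []struct {
		Hostname string `json:"hostname"`
	}
	if err := json.Unmarshal(raw, &rules); err != nil {
		return nil, fmt.Errorf("parse rules: %w", err)
	}
	seen := map[string]bool{}
	out := []string{}
	for _, r := range rules {
		h := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(r.Hostname), "."))
		// Skip catch-all rules (empty), wildcard rules and repeats across ports.
		if h == "" || strings.Contains(h, "*") || seen[h] {
			continue
		}
		// path.Match is anchored to the whole name, so a suffix lookalike fails.
		ok, err := path.Match(strings.ToLower(filter), h)
		if err != nil {
			return nil, fmt.Errorf("bad DOMAINS_FILTER %q: %w", filter, err)
		}
		if ok {
			seen[h] = true
			out = append(out, h)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	domains, err := domainsFromRules([]byte(sampleRules), "*.example.com")
	fmt.Println(domains, err)
}
```

Keeping the filter as an allow-list matters here because anyone who can add a rule to the load balancer would otherwise decide which names the letsencrypt stack requests certificates for.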