This is the source code for a Docker image that does the following:
- Requests a new certificate from Letsencrypt
- Applies it to the GCP load balancer
- Configures the following tiles with the new certificate:
- PAS (aka Elastic Runtime)
- PKS
- Harbor
GCP_CREDENTIALS- GCP credentials in JSON, you should request a service account with DNS Admin credentialsCF_DOMAINS- comma separated list of PCF domains, e.g.*.sys.example.com,*.login.sys.example.com,*.cfapps.example.comLE_EMAIL- email address to issue the certificates toPCF_OPSMGR- URL for opsmanager in the formathttps://opsman.xxx.yyyPCF_PASSWD- ops manager passwordGCP_HTTPS_PROXY- GCP Proxy to update - rungcloud compute target-https-proxies listto get this information
SKIP_PAS_CERT- skip updating the PCF PAS certificate - defaults tofalseSKIP_PKS_CERT- skip updating the PKS certificate - defaults tofalseSKIP_HARBOR_CERT- skip updating the VMware Harbor certificate - defaults tofalseSKIP_OPSMAN_APPLY- skip applying the changes in Ops Manager - defaults tofalsePCF_USER- ops manager username - defaults toadminOPSMAN_CERT_NAME- name of certificate in ops manager - defaults toCertificateLE_SERVER- Lets Encrypt server (optional) - will default tohttps://acme-v02.api.letsencrypt.org/directoryGCP_CREDENTIALS_FILE- name of the file to store credentials, defaults to/accounts.jsonGCP_CERT_NAME- new name of certificate file in GCP - defaults to an auto generated UUIDGCP_DNS_WAIT- how long to wait for DNS to propogate - defaults to 120 secondsCERT_RENEW_BEFORE- number of seconds the certificate may have left before renewing - defaults to 7 days (604800)
You can download it on Docker Hub too as mattsday/le-pcf-on-gcp
Assuming you have the above environment variables set:
docker run \
-e GCP_CREDENTIALS="${GCP_CREDENTIALS}" \
-e PCF_USER=${PCF_USER} \
-e PCF_PASSWD=${PCF_PASSWD} \
-e PCF_OPSMGR=${PCF_OPSMGR} \
-e LE_EMAIL=${LE_EMAIL} \
-e GCP_HTTPS_PROXY=${GCP_HTTPS_PROXY} \
-e CF_DOMAINS=${CF_DOMAINS} \
mattsday/le-pcf-on-gcp:latest