This is the source code for a Docker image that does the following:
- Requests a new certificate from Let's Encrypt
- Applies it to the GCP load balancer
- Configures the following tiles with the new certificate:
  - PAS (aka Elastic Runtime)
  - PKS
  - Harbor

The image is configured through the following environment variables:
- `GCP_CREDENTIALS` - GCP credentials in JSON; you should request a service account with DNS Admin credentials
- `CF_DOMAINS` - comma-separated list of PCF domains, e.g. `*.sys.example.com,*.login.sys.example.com,*.cfapps.example.com`
- `LE_EMAIL` - email address to issue the certificates to
- `PCF_OPSMGR` - URL for Ops Manager in the format `https://opsman.xxx.yyy`
- `PCF_PASSWD` - Ops Manager password
- `GCP_HTTPS_PROXY` - GCP proxy to update; run `gcloud compute target-https-proxies list` to get this information
- `SKIP_PAS_CERT` - skip updating the PCF PAS certificate - defaults to `false`
- `SKIP_PKS_CERT` - skip updating the PKS certificate - defaults to `false`
- `SKIP_HARBOR_CERT` - skip updating the VMware Harbor certificate - defaults to `false`
- `SKIP_OPSMAN_APPLY` - skip applying the changes in Ops Manager - defaults to `false`
- `PCF_USER` - Ops Manager username - defaults to `admin`
- `OPSMAN_CERT_NAME` - name of certificate in Ops Manager - defaults to `Certificate`
- `LE_SERVER` - Let's Encrypt server (optional) - will default to `https://acme-v02.api.letsencrypt.org/directory`
- `GCP_CREDENTIALS_FILE` - name of the file to store credentials - defaults to `/accounts.json`
- `GCP_CERT_NAME` - new name of certificate file in GCP - defaults to an auto-generated UUID
- `GCP_DNS_WAIT` - how long to wait for DNS to propagate - defaults to 120 seconds
- `CERT_RENEW_BEFORE` - number of seconds the certificate may have left before renewing - defaults to 7 days (`604800`)

You can download it on Docker Hub too as mattsday/le-pcf-on-gcp
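Assuming you have the above environment variables set:

```sh
# Quote every value: CF_DOMAINS contains "*" wildcards that an unquoted
# expansion could glob, and PCF_PASSWD may contain spaces or shell
# metacharacters.
docker run \
  -e GCP_CREDENTIALS="${GCP_CREDENTIALS}" \
  -e PCF_USER="${PCF_USER}" \
  -e PCF_PASSWD="${PCF_PASSWD}" \
  -e PCF_OPSMGR="${PCF_OPSMGR}" \
  -e LE_EMAIL="${LE_EMAIL}" \
  -e GCP_HTTPS_PROXY="${GCP_HTTPS_PROXY}" \
  -e CF_DOMAINS="${CF_DOMAINS}" \
  mattsday/le-pcf-on-gcp:latest
```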
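
Checking the variables before starting the container makes a typo fail locally instead of partway through a certificate request. The preflight script below is an added example, not part of the image: the variable names come from this README, while the validation rules (true/false flags, whole seconds, `https://` URLs, domain syntax) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the image. Variable names come from the README;
# the validation rules themselves are assumptions.
REQUIRED="GCP_CREDENTIALS CF_DOMAINS LE_EMAIL PCF_OPSMGR PCF_PASSWD GCP_HTTPS_PROXY"
SKIP_FLAGS="SKIP_PAS_CERT SKIP_PKS_CERT SKIP_HARBOR_CERT SKIP_OPSMAN_APPLY"
SECONDS_VARS="GCP_DNS_WAIT CERT_RENEW_BEFORE"

# valid_domains LIST: succeeds if every comma-separated entry is a dotted name
# of letters, digits and hyphens, optionally starting with one "*." label.
valid_domains() {
    case "$1" in ''|*,) return 1 ;; esac
    old_ifs=$IFS; IFS=,; set -f      # set -f: never glob-expand the "*"
    rc=0
    for d in $1; do
        case "${d#\*.}" in
            ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return "$rc"
}

# preflight: prints one line per problem and returns 1 if any were found.
preflight() {
    bad=0
    for name in $REQUIRED; do
        eval "v=\${$name:-}"
        [ -n "$v" ] || { echo "missing $name"; bad=1; }
    done
    for name in $SKIP_FLAGS; do
        eval "v=\${$name:-false}"
        case "$v" in true|false) ;; *) echo "$name must be true or false"; bad=1 ;; esac
    done
    for name in $SECONDS_VARS; do
        eval "v=\${$name:-0}"
        case "$v" in *[!0-9]*) echo "$name must be whole seconds"; bad=1 ;; esac
    done
    # The Ops Manager password is sent to PCF_OPSMGR: insist on TLS URLs.
    for name in PCF_OPSMGR LE_SERVER; do
        eval "v=\${$name:-https://}"
        case "$v" in https://*) ;; *) echo "$name must be an https:// URL"; bad=1 ;; esac
    done
    [ -z "${CF_DOMAINS:-}" ] || valid_domains "$CF_DOMAINS" ||
        { echo "CF_DOMAINS has a malformed entry"; bad=1; }
    return "$bad"
}
```

Source the file and run `preflight && docker run ...` so the container only starts when every check passes.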