Very crude container to create a pem file out of certificates stored in rancher. The container does no error checking.
Since there is no easy way to get a pem out of the certificate store in rancher, this container can accomplish it.
The idea is to use for example ranchers letsencrypt container to create the certificate and then use the resulting certificate in your mail server or jabber server, which not always support being behind a loadbalancer.
Build this container and push it to a repository of your liking.
You need to specify the name of the certificate in the Certificate store via the CERT_NAME
Env variable
The container automatically writes the resulting pem file to: /opt/certs/CERT_NAME.pem
, so you can use host mapping of the /opt/certs
directory to use the resulting pem in another container.
As you can see in the docker-compose.yml example, it is required to set the following labels:
io.rancher.container.agent.role: environmentAdmin
io.rancher.container.create_agent: 'true'
Also at least till rancher 1.6.14 you ALSO NEED the container to be in a system stack. You can set a stack to be a system stack via "View in API" and then edit and check the "system" flag.
Sample docker-compose.yml
version: '2'
services:
jabber-pemdump:
image: smurfynet/rancher-pemdump
environment:
CERT_NAME: jabber-mydomain
stdin_open: true
volumes:
- /opt/jabber/ejabberd/ssl:/opt/certs
tty: true
labels:
io.rancher.container.agent.role: environmentAdmin
io.rancher.container.create_agent: 'true'
io.rancher.container.pull_image: always