Commit 1f95f89a authored by Hannes Feldt

Merge branch 'L2SS-2063-consul_documentation' into 'main'

L2SS-2063: Add certificate documentation

Closes L2SS-2063

See merge request !3
parents fef103f9 5c3323a3
Pipeline #104005 passed with warnings
Pipeline: Cryptocoryne

#104006

    # Cryptocoryne # Stingray
    ![Build status](git@git.astron.nl:lofar2.0/cryptocoryne/badges/main/pipeline.svg) ![Build status](git.astron.nl/lofar2.0/cryptocoryne/badges/main/pipeline.svg)
    ![Test coverage](git@git.astron.nl:lofar2.0/cryptocoryne/badges/main/coverage.svg) ![Test coverage](git.astron.nl/lofar2.0/cryptocoryne/badges/main/coverage.svg)
    <!-- ![Latest release](https://git.astron.nl/templates/python-package/badges/main/release.svg) --> <!-- ![Latest release](https://git.astron.nl/templates/python-package/badges/main/release.svg) -->
    An example repository of an CI/CD pipeline for building, testing and publishing a python package. Cryptocoryne registeres and renews certificates for the lofar.net domain based on consul service registrations.
    ## Installation ## Installation
    ``` ```
    pip install . pip install .
    ``` ```
    ## Usage ## Usage
    ```python
    from lofar-cryptocoryne import cool_module
    cool_module.greeter() # prints "Hello World" Cryptocoryne runs periodically on the central nomad cluster.
    Every 5 minutes, cryptocoryne queries all services registered within consul that have the tag `cert`.
    Then the certificate `<service_name>.lofar.net` is registered or renewed (if needed) and stored in the LOFAR vault.
    Services then have the option to retrieve the certificates from the vault using nomads job templating:
    ```hcl
    template {
    data = <<EOH
    {{with secret "lets-encrypt/certificates/<service_name>.lofar.net" -}}
    {{.Data.data.cert }}
    {{.Data.data.chain -}}
    {{end}}
    EOH
    destination = "${NOMAD_SECRETS_DIR}/fullchain.cer"
    }
    template {
    data = <<EOH
    {{with secret "lets-encrypt/certificates/<service_name>.lofar.net" -}}
    {{.Data.data.key -}}
    {{end}}
    EOH
    destination = "${NOMAD_SECRETS_DIR}/key.key"
    }
    ``` ```
    ## Contributing ## Contributing
    To contribute, please create a feature branch and a "Draft" merge request. To contribute, please create a feature branch and a "Draft" merge request.
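
Review bot: The second `template` block renders the private key to `${NOMAD_SECRETS_DIR}/key.key` without a `perms` setting, so the file is written with Nomad's default template mode of 644; the documented snippet should set `perms = "600"` on the key template so that services copying it do not end up with a key readable by other users in the task. It would also help to state that a service needs a Vault policy granting read on `lets-encrypt/certificates/<service_name>.lofar.net`, and what happens on renewal, since the template's default `change_mode` restarts the task when the secret changes. Smaller points in the same hunk: the new heading `# Stingray` disagrees with the description and badge paths, which all say Cryptocoryne; the new badge URLs `git.astron.nl/lofar2.0/...` have no `https://` scheme and will resolve as relative paths; and "registeres" should be "registers".
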
    ...@@ -29,7 +50,7 @@ changes is done through `tox`. ...@@ -29,7 +50,7 @@ changes is done through `tox`.
    ```pip install tox``` ```pip install tox```
    With tox the same jobs as run on the CI/CD pipeline can be ran. These With tox the same jobs as run on the CI/CD pipeline can be run. These
    include unit tests and linting. include unit tests and linting.
    ```tox``` ```tox```
    ......