From 5c3323a3ea864abf5f749863753885462cea8c18 Mon Sep 17 00:00:00 2001 From: Hannes Feldt <feldt@astron.nl> Date: Mon, 9 Dec 2024 14:56:56 +0100 Subject: [PATCH] L2SS-2063: Add certificate documentation --- README.md | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e9cc73f..e385a6b 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,44 @@ -# Cryptocoryne +# Stingray - - + + <!--  --> -An example repository of an CI/CD pipeline for building, testing and publishing a python package. +Cryptocoryne registeres and renews certificates for the lofar.net domain based on consul service registrations. ## Installation + ``` pip install . ``` ## Usage -```python -from lofar-cryptocoryne import cool_module -cool_module.greeter() # prints "Hello World" +Cryptocoryne runs periodically on the central nomad cluster. + +Every 5 minutes, cryptocoryne queries all services registered within consul that have the tag `cert`. +Then the certificate `<service_name>.lofar.net` is registered or renewed (if needed) and stored in the LOFAR vault. + +Services then have the option to retrieve the certificates from the vault using nomads job templating: +```hcl +template { + data = <<EOH +{{with secret "lets-encrypt/certificates/<service_name>.lofar.net" -}} +{{.Data.data.cert }} +{{.Data.data.chain -}} +{{end}} +EOH + destination = "${NOMAD_SECRETS_DIR}/fullchain.cer" +} +template { + data = <<EOH +{{with secret "lets-encrypt/certificates/<service_name>.lofar.net" -}} +{{.Data.data.key -}} +{{end}} +EOH + destination = "${NOMAD_SECRETS_DIR}/key.key" +} ``` - ## Contributing To contribute, please create a feature branch and a "Draft" merge request. @@ -29,7 +50,7 @@ changes is done through `tox`. ```pip install tox``` -With tox the same jobs as run on the CI/CD pipeline can be ran. These +With tox the same jobs as run on the CI/CD pipeline can be run. These include unit tests and linting. ```tox``` -- GitLab
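Review bot: the first hunk changes the heading from `# Cryptocoryne` to `# Stingray` while the new description line still reads `Cryptocoryne registeres and renews certificates for the lofar.net domain ...` (typo: `registers`), so the README now names two different projects; keep the heading consistent with the description, or add a sentence explaining the rename. In the second `template` block, which writes the private key to `${NOMAD_SECRETS_DIR}/key.key`, consider setting `perms = "0600"` next to `destination`, because Nomad's default template file mode is world-readable and this file holds the key; the `fullchain.cer` template can keep the default. Two documentation gaps worth a sentence each: `{{with secret ...}}` renders an empty file rather than failing when the secret path is missing, and the job needs a Vault policy that grants read access on `lets-encrypt/certificates/<service_name>.lofar.net`. Minor wording: `nomads job templating` should be `Nomad's job templating`.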