228 lines
7.6 KiB
YAML
228 lines
7.6 KiB
YAML
.catalog:
|
|
name: Let's Encrypt
|
|
version: 0.5.0
|
|
description: Trusted SSL certificates at zero cost
|
|
minimum_rancher_version: v1.5.0
|
|
maximum_rancher_version: v1.9.99
|
|
questions:
|
|
- variable: EULA
|
|
label: I Agree to the Let's Encrypt TOS
|
|
description: |
|
|
Read https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
|
|
required: true
|
|
type: enum
|
|
options:
|
|
- "Yes"
|
|
- "No"
|
|
- variable: API_VERSION
|
|
label: Let's Encrypt API Version
|
|
description: |
|
|
Select the Let's Encrypt API endpoint used for issuing the certificate.
|
|
Use `Sandbox` for testing your configuration.
|
|
required: true
|
|
type: enum
|
|
default: Production
|
|
options:
|
|
- Production
|
|
- Sandbox
|
|
- variable: EMAIL
|
|
label: Your Email Address
|
|
description: |
|
|
Enter the email address to use for creating the Let's Encrypt account.
|
|
required: true
|
|
type: string
|
|
- variable: CERT_NAME
|
|
label: Certificate Name
|
|
description: |
|
|
Name for storing the certificate in the Rancher API and in volumes.
|
|
Any existing certificate by that name will be updated.
|
|
required: true
|
|
type: string
|
|
- variable: DOMAINS
|
|
label: Domain Names
|
|
description: |
|
|
Comma delimited list of the certificate domains starting with the Common Name.
|
|
E.g: `example.com, dev.example.com`.
|
|
required: true
|
|
type: string
|
|
- variable: PUBLIC_KEY_TYPE
|
|
label: Public Key Algorithm
|
|
description: |
|
|
Select one of the available key types.
|
|
required: true
|
|
type: enum
|
|
default: RSA-2048
|
|
options:
|
|
- RSA-2048
|
|
- RSA-4096
|
|
- RSA-8192
|
|
- ECDSA-256
|
|
- ECDSA-384
|
|
- variable: RENEWAL_TIME
|
|
label: Renewal Time of Day (00-23)
|
|
description: |
|
|
Set the time of day (UTC in hours) at which certificate renewals should be run.
|
|
default: 12
|
|
required: true
|
|
type: int
|
|
- variable: RENEWAL_PERIOD_DAYS
|
|
label: Renewal Grace Period
|
|
description: |
|
|
Number of days before expiration the certificate should be renewed / become eligible for renewal.
|
|
default: 20
|
|
required: true
|
|
type: int
|
|
- variable: RUN_ONCE
|
|
label: Run Once
|
|
description: |
|
|
Stop the service after creating or renewing the certificate instead of continously running and managing renewal.
|
|
required: true
|
|
type: boolean
|
|
default: false
|
|
- variable: DNS_RESOLVERS
|
|
label: DNS Resolvers
|
|
description: |
|
|
Comma delimited list of DNS resolvers used to check propagation of ACME TXT record.
|
|
If empty the DNS resolvers configured in your hosts /etc/resolv.conf are used.
|
|
required: false
|
|
default: "8.8.8.8:53,8.8.4.4:53"
|
|
type: string
|
|
- variable: VOLUME_NAME
|
|
label: Volume Name (Optional)
|
|
description: |
|
|
To store the account data, certificates and private keys in a volume, enter the volume name that should be used.
|
|
By default this will be a (host scoped) named Docker volume. See "Persistent Storage Driver" for other options.
|
|
required: false
|
|
type: string
|
|
- variable: STORAGE_DRIVER
|
|
label: Volume Storage Driver (Optional)
|
|
description: |
|
|
To use a stack scoped volume backed by a persistent storage service, enter the name
|
|
of an existing storage driver (see `Infrastructure -> Storage`). This also requires "Volume Name" to be set.
|
|
required: false
|
|
type: string
|
|
- variable: STORAGE_DRIVER_OPT
|
|
label: Storage Driver Option (Optional)
|
|
description: |
|
|
Specify a single "driver_opts" key/value pair in the format "optionName: optionValue".
|
|
E.g. for the `rancher-ebs` driver you should specify the required 'size' option like this: "size: 1".
|
|
required: false
|
|
type: string
|
|
- variable: PROVIDER
|
|
label: Domain Validation Method
|
|
description: Select a DNS provider to use for domain validation. Use 'HTTP' if your domain is hosted elsewhere.
|
|
required: true
|
|
type: enum
|
|
options:
|
|
- CloudFlare
|
|
- DigitalOcean
|
|
- DNSimple
|
|
- Dyn
|
|
- Gandi
|
|
- Ovh
|
|
- Route53
|
|
- Vultr
|
|
- HTTP
|
|
- Azure
|
|
- NS1
|
|
- variable: AWS_ACCESS_KEY
|
|
label: AWS Route53 Access Key Id
|
|
description: Enter the Access Key Id for your AWS account.
|
|
type: string
|
|
required: false
|
|
- variable: AWS_SECRET_KEY
|
|
label: AWS Route53 Secret Access Key
|
|
description: Enter the Secret Access Key for your AWS account.
|
|
type: password
|
|
required: false
|
|
- variable: AZURE_CLIENT_ID
|
|
label: Azure Client ID
|
|
description: Enter the Client Id for your Azure account.
|
|
type: string
|
|
required: false
|
|
- variable: AZURE_CLIENT_SECRET
|
|
label: Azure Client Secret
|
|
description: Enter the Access Key Id for your Azure account.
|
|
type: password
|
|
required: false
|
|
- variable: AZURE_SUBSCRIPTION_ID
|
|
label: Azure Subscription Id
|
|
description: Enter the Azure Subscription Id for your Azure account.
|
|
type: string
|
|
required: false
|
|
- variable: AZURE_TENANT_ID
|
|
label: Azure Tenant Id
|
|
description: Enter the Azure Tenant Id for your Azure account.
|
|
type: string
|
|
required: false
|
|
- variable: AZURE_RESOURCE_GROUP
|
|
label: Azure Resource Group
|
|
description: Enter the Azure Resource Group for your Azure account.
|
|
type: string
|
|
required: false
|
|
- variable: CLOUDFLARE_EMAIL
|
|
label: CloudFlare Email Address
|
|
description: Enter the email address associated with your CloudFlare account.
|
|
type: string
|
|
required: false
|
|
- variable: CLOUDFLARE_KEY
|
|
label: CloudFlare API Key
|
|
description: Enter the Global API Key for your CloudFlare account.
|
|
type: password
|
|
required: false
|
|
- variable: DO_ACCESS_TOKEN
|
|
label: DigitalOcean API Access Token
|
|
description: Enter the Personal Access Token for your DigitalOcean account.
|
|
type: password
|
|
required: false
|
|
- variable: DNSIMPLE_EMAIL
|
|
label: DNSimple Email Address
|
|
description: Enter the email address associated with your DNSimple account.
|
|
type: string
|
|
required: false
|
|
- variable: DNSIMPLE_KEY
|
|
label: DNSimple API Key
|
|
description: Enter your DNSimple API key.
|
|
type: password
|
|
required: false
|
|
- variable: DYN_CUSTOMER_NAME
|
|
label: Dyn Customer Name
|
|
description: Enter your Dyn customer name.
|
|
type: string
|
|
required: false
|
|
- variable: DYN_USER_NAME
|
|
label: Dyn User Name
|
|
description: Enter your Dyn user name.
|
|
type: string
|
|
required: false
|
|
- variable: DYN_PASSWORD
|
|
label: Dyn Password
|
|
description: Enter your Dyn password.
|
|
type: password
|
|
required: false
|
|
- variable: GANDI_API_KEY
|
|
label: Gandi API Key
|
|
description: Enter the API key for your Gandi account.
|
|
type: password
|
|
required: false
|
|
- variable: OVH_APPLICATION_KEY
|
|
label: OVH Application Key
|
|
description: Enter your OVH application key.
|
|
type: string
|
|
required: false
|
|
- variable: OVH_APPLICATION_SECRET
|
|
label: OVH Application Secret
|
|
description: Enter your OVH application secret.
|
|
type: password
|
|
required: false
|
|
- variable: OVH_CONSUMER_KEY
|
|
label: OVH Consumer Key
|
|
description: Enter your OVH consumer key.
|
|
type: password
|
|
required: false
|
|
- variable: VULTR_API_KEY
|
|
label: Vultr API Key
|
|
description: Enter the API key for your Vultr account.
|
|
type: password
|
|
required: false
|