From 5d4378c5852486bbb2804d2720a6795daeac9dad Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Wed, 15 Oct 2025 00:19:03 -0400 Subject: [PATCH 1/2] feat: add ability to disable letsencrypt for a given application or globally If disabled globally, it can be re-enabled on a per-app basis by setting the `letsencrypt-server` property to `production` or `staging`. --- docs/deployment/schedulers/k3s.md | 12 ++++++++++++ plugins/scheduler-k3s/triggers.go | 26 ++++++++++++++------------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/docs/deployment/schedulers/k3s.md b/docs/deployment/schedulers/k3s.md index 2846949e9..af5ce1e66 100644 --- a/docs/deployment/schedulers/k3s.md +++ b/docs/deployment/schedulers/k3s.md @@ -213,6 +213,18 @@ The default value may be set by passing an empty value for the option. dokku scheduler-k3s:set --global letsencrypt-server staging ``` +Letsencrypt can be completely disabled for a given appby setting the `letsencrypt-server` to `false` + +```shell +dokku scheduler-k3s:set node-js-app letsencrypt-server false +``` + +The server can also be disabled globally, and then conditionally enabled on a per-app basis: + +```shell +dokku scheduler-k3s:set --global letsencrypt-server false +``` + ### Customizing Annotations and Labels > [!NOTE] diff --git a/plugins/scheduler-k3s/triggers.go b/plugins/scheduler-k3s/triggers.go index 298ee7fe2..b89aa017c 100644 --- a/plugins/scheduler-k3s/triggers.go +++ b/plugins/scheduler-k3s/triggers.go @@ -226,22 +226,24 @@ func TriggerSchedulerDeploy(scheduler string, appName string, imageTag string) e return fmt.Errorf("Error loading environment for deployment: %w", err) } - issuerName := "letsencrypt-stag" server := getComputedLetsencryptServer(appName) - if server == "prod" || server == "production" { - issuerName = "letsencrypt-prod" - } else if server != "stag" && server != "staging" { - return fmt.Errorf("Invalid letsencrypt server config: %s", server) - } - - tlsEnabled := false letsencryptEmailStag := getGlobalLetsencryptEmailStag() letsencryptEmailProd := getGlobalLetsencryptEmailProd() - if issuerName == "letsencrypt-stag" { - tlsEnabled = letsencryptEmailStag != "" - } - if issuerName == "letsencrypt-prod" { + tlsEnabled := false + + issuerName := "" + switch server { + case "prod", "production": + issuerName = "letsencrypt-prod" tlsEnabled = letsencryptEmailProd != "" + case "stag", "staging": + issuerName = "letsencrypt-stag" + tlsEnabled = letsencryptEmailStag != "" + case "false": + issuerName = "" + tlsEnabled = false + default: + return fmt.Errorf("Invalid letsencrypt server config: %s", server) } chartDir, err := os.MkdirTemp("", "dokku-chart-") From 3dde9853ca3744c50234c3de6c5c696399a8232b Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Wed, 15 Oct 2025 11:14:14 -0400 Subject: [PATCH 2/2] Update docs/deployment/schedulers/k3s.md Co-authored-by: othercorey --- docs/deployment/schedulers/k3s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/schedulers/k3s.md b/docs/deployment/schedulers/k3s.md index af5ce1e66..3f05ef279 100644 --- a/docs/deployment/schedulers/k3s.md +++ b/docs/deployment/schedulers/k3s.md @@ -213,7 +213,7 @@ The default value may be set by passing an empty value for the option. dokku scheduler-k3s:set --global letsencrypt-server staging ``` -Letsencrypt can be completely disabled for a given appby setting the `letsencrypt-server` to `false` +Letsencrypt can be completely disabled for a given app by setting the `letsencrypt-server` to `false` ```shell dokku scheduler-k3s:set node-js-app letsencrypt-server false