@abevoelker
Created December 10, 2018 17:30

Rough cert-manager GKE install instructions:

export PROJECT_ID="cert-manager-$(openssl rand -hex 6)"
export EMAIL=abe@abevoelker.com

gcloud projects create --set-as-default "$PROJECT_ID"
# Enable the APIs before creating any Compute Engine or GKE resources
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud compute addresses create ipv4-address --global --ip-version IPV4
gcloud container clusters create "standard-cluster-1" --zone "us-central1-a" --cluster-version "1.11.4-gke.8" --machine-type "n1-standard-1" --num-nodes "3"
gcloud container clusters get-credentials "standard-cluster-1" --zone "us-central1-a"

echo "Register for an account at DuckDNS, then set $PROJECT_ID.duckdns.org A record to $(gcloud compute addresses describe --global --format=json ipv4-address | jq -r '.address')"

sed -e "s/host: REPLACEME/host: $PROJECT_ID.duckdns.org/g" manifest.yml | \
  kubectl apply -f-

echo "After a few minutes, browse to http://$PROJECT_ID.duckdns.org and 'Welcome to nginx!' should display"

# Helm 2: run Tiller under its own service account, bound here to cluster-admin
kubectl create serviceaccount -n kube-system tiller
kubectl create clusterrolebinding tiller-binding \
    --clusterrole=cluster-admin \
    --serviceaccount kube-system:tiller
helm init --service-account tiller
helm repo update

helm install --name cert-manager --version v0.5.2 \
    --namespace kube-system stable/cert-manager

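# Fetch the letsencrypt ClusterIssuer manifest (unpinned master branch),
# fill in the contact email and apply it
curl -sSL https://rawgit.com/ahmetb/gke-letsencrypt/master/yaml/letsencrypt-issuer.yaml | \
    sed -e "s/email: ''/email: $EMAIL/g" | \
    kubectl apply -f-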

sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" certificate.yml | \
  kubectl apply -f-

# Single quotes around the command: backticks inside double quotes would execute it
echo "Now wait several minutes for 'kubectl describe certificate' to show 'Certificate issued successfully'..."

sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" manifest-2.yml | \
  kubectl apply -f-

echo "After a few minutes visit https://$PROJECT_ID.duckdns.org !"

# certificate.yml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: nginx-tls
  namespace: default
spec:
  secretName: nginx-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: REPLACEME
  dnsNames:
  - REPLACEME
  acme:
    config:
    - http01:
        ingress: nginx-ingress
      domains:
      - REPLACEME

# manifest-2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-service
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: ipv4-address
spec:
  tls:
  - secretName: nginx-tls
    hosts:
    - REPLACEME
  rules:
  - host: REPLACEME
    http:
      paths:
      - path: /*
        backend:
          serviceName: nginx-service
          servicePort: 80

# manifest.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-service
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: ipv4-address
spec:
  rules:
  - host: REPLACEME
    http:
      paths:
      - path: /*
        backend:
          serviceName: nginx-service
          servicePort: 80
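
The install script substitutes REPLACEME with sed and pipes the result straight into kubectl, so an unset PROJECT_ID (for example in a new shell) renders the host as ".duckdns.org" and still gets applied. The following is an added example, not part of the original gist: it validates the hostname and the template before anything is written to stdout. The helper names is_valid_host and render_manifest are hypothetical, and the sample manifest is constructed.

```shell
# Added example; is_valid_host and render_manifest are hypothetical helpers.

# Succeeds only for a lowercase DNS name of two or more RFC 1123 labels.
is_valid_host() {
  local host="$1"
  local label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
  [ "${#host}" -le 253 ] || return 1
  # Reject anything outside [a-z0-9.-] first (covers '/', '&', newlines).
  case "$host" in
    *[!a-z0-9.-]*) return 1 ;;
  esac
  printf '%s\n' "$host" | LC_ALL=C grep -Eq "^${label}(\.${label})+\$"
}

# Reads a manifest template on stdin and writes it to stdout with every
# REPLACEME replaced by the host. On any failure it prints nothing to
# stdout, so a downstream 'kubectl apply -f-' receives no objects.
render_manifest() {
  local host="$1"
  local template
  if ! is_valid_host "$host"; then
    echo "refusing to render: invalid host '$host'" >&2
    return 1
  fi
  template="$(cat)"
  case "$template" in
    *REPLACEME*) ;;
    *) echo "refusing to render: no REPLACEME in input" >&2; return 1 ;;
  esac
  # Safe to interpolate: the host holds no sed metacharacters.
  printf '%s\n' "$template" | sed -e "s/REPLACEME/${host}/g"
}

# Constructed sample input, shaped like the Ingress rule in manifest.yml.
SAMPLE_MANIFEST='spec:
  rules:
  - host: REPLACEME'

# Intended use (PROJECT_ID exported as in the script above):
#   set -o pipefail
#   render_manifest "$PROJECT_ID.duckdns.org" < manifest.yml | kubectl apply -f-
```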