@anton-johansson
Created January 10, 2019 09:01
Deployment of cert-manager
---
# Dedicated namespace for the cert-manager controller and its resources.
kind: Namespace
apiVersion: v1
metadata:
  name: cert-manager
---
# Custom resource definitions used by cert-manager (certmanager.k8s.io/v1alpha1).
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: certificates.certmanager.k8s.io
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Certificate
    plural: certificates
    shortNames:
      - cert
      - certs
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: issuers.certmanager.k8s.io
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Issuer
    plural: issuers
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: clusterissuers.certmanager.k8s.io
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Cluster
  names:
    kind: ClusterIssuer
    plural: clusterissuers
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: orders.certmanager.k8s.io
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Order
    plural: orders
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: challenges.certmanager.k8s.io
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Challenge
    plural: challenges
---
# Identity the controller pod runs as.
kind: ServiceAccount
apiVersion: v1
metadata:
  name: cert-manager
  namespace: cert-manager
  labels:
    app.kubernetes.io/name: cert-manager
---
# Permissions for the controller. Because this is a ClusterRole bound with a
# ClusterRoleBinding, the wildcard verbs below apply in every namespace,
# including full access to all secrets and pods in the cluster.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cert-manager
  labels:
    app.kubernetes.io/name: cert-manager
rules:
  - apiGroups: ['certmanager.k8s.io']
    resources: [certificates, issuers, clusterissuers, orders, challenges]
    verbs: ['*']
  - apiGroups: ['']
    resources: [configmaps, secrets, events, services, pods]
    verbs: ['*']
  - apiGroups: [extensions]
    resources: [ingresses]
    verbs: ['*']
---
# Grants the ClusterRole above to the cert-manager service account, cluster-wide.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cert-manager
  labels:
    app.kubernetes.io/name: cert-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager
subjects:
  - name: cert-manager
    namespace: cert-manager
    kind: ServiceAccount
---
# The cert-manager controller itself.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: cert-manager
  namespace: cert-manager
  labels:
    app.kubernetes.io/name: cert-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: cert-manager
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cert-manager
    spec:
      serviceAccountName: cert-manager
      nodeSelector:
        kubernetes.io/role: worker
      containers:
        - name: cert-manager
          image: 'quay.io/jetstack/cert-manager-controller:v0.6.0-alpha.0'
          args:
            # Keep ClusterIssuer secrets and the leader-election lock in the pod's own namespace.
            - '--cluster-resource-namespace=$(POD_NAMESPACE)'
            - '--leader-election-namespace=$(POD_NAMESPACE)'
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
---
# Cluster-wide ACME issuer pointing at the Let's Encrypt staging endpoint
# (staging certificates are not publicly trusted). The ACME account key is
# stored in the secret named by privateKeySecretRef.
kind: ClusterIssuer
apiVersion: certmanager.k8s.io/v1alpha1
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <redacted>
    privateKeySecretRef:
      name: letsencrypt-staging
    http01: {}