@jgleonard
Created February 22, 2019 15:09
Simple script to deploy cert-manager in Kubernetes using Let's Encrypt
#!/bin/bash
# Email for Let's Encrypt account
EMAIL="foo@example.com"
# Install the CustomResourceDefinition resources separately
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
# Create the namespace for cert-manager
kubectl create namespace cert-manager
# Label the cert-manager namespace to disable resource validation
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
# Install Issuers
# One Issuer and one ClusterIssuer shown
cat <<EOF | kubectl create -f -
---
# Issuer is namespaced; with no metadata.namespace it is created in the
# current kubectl namespace
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME v2 staging server URL (cert-manager only speaks ACME v2,
    # so the v1 staging endpoint cannot be used here)
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: "$EMAIL"
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # The ACME production API URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: "$EMAIL"
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    # Enable the HTTP-01 challenge provider
    http01: {}
EOF
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
# Shown with the production ClusterIssuer as the ingress-shim default
helm upgrade --install \
  --namespace cert-manager \
  --set resources.requests.cpu=10m \
  --set resources.requests.memory=32Mi \
  --set resources.limits.cpu=100m \
  --set resources.limits.memory=128Mi \
  --set ingressShim.defaultIssuerName="letsencrypt-production" \
  --set ingressShim.defaultIssuerKind="ClusterIssuer" \
  cert-manager stable/cert-manager
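
The script applies `00-crds.yaml` straight from a `release-0.6` branch URL, so what reaches the cluster can change between runs. The following is an added example, not part of the original gist: it downloads the manifest, checks it against a pinned SHA-256, and only then calls `kubectl apply`. The function names and the digest placeholder are assumptions; record the real digest after reviewing the manifest.

```shell
#!/bin/bash
# Added example, not part of the original gist. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # fallback where sha256sum is absent
  fi
}

# verify_sha256 FILE EXPECTED_HEX: return 0 only if FILE hashes to EXPECTED_HEX
verify_sha256() {
  local file expected actual
  file="$1"
  # Normalise case so an upper-case pinned digest still matches
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -f "$file" ] || return 1
  # Reject anything that is not exactly 64 hex characters (e.g. a placeholder)
  case "$expected" in *[!0-9a-f]*) return 1 ;; esac
  [ "${#expected}" -eq 64 ] || return 1
  actual="$(sha256_of "$file")" || return 1
  [ "$actual" = "$expected" ]
}

# apply_pinned URL EXPECTED_HEX: download over HTTPS, verify, then apply.
# Nothing is sent to the cluster unless the digest matches.
apply_pinned() {
  local url expected tmp rc
  url="$1"; expected="$2"; rc=0
  tmp="$(mktemp)" || return 1
  if ! curl --fail --silent --show-error --location --proto '=https' -o "$tmp" "$url"; then
    echo "download failed: $url" >&2; rc=1
  elif ! verify_sha256 "$tmp" "$expected"; then
    echo "digest mismatch for $url, not applying" >&2; rc=1
  else
    kubectl apply -f "$tmp" || rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage, with a placeholder where the reviewed manifest's digest belongs:
# apply_pinned "https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml" \
#   "<sha256-of-reviewed-00-crds.yaml>"
```

Because the placeholder is not a 64-character hex string, `verify_sha256` rejects it, so the usage line fails closed until a real digest is filled in.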