Last active
July 20, 2017 10:32
-
-
Save qw1mb0/a493a6b3779676d77cdfa1172d6112f6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: kube-lego | |
| --- | |
| apiVersion: v1 | |
| metadata: | |
| name: kube-lego | |
| namespace: kube-lego | |
| data: | |
| # modify this to specify your address | |
| lego.email: "256@flant.ru" | |
| # configure letencrypt's production api | |
| lego.url: "https://acme-v01.api.letsencrypt.org/directory" | |
| # configure letencrypt's staging api | |
| # lego.url: "https://acme-staging.api.letsencrypt.org/directory" | |
| kind: ConfigMap | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRole | |
| metadata: | |
| name: lego | |
| rules: | |
| - apiGroups: | |
| - "" | |
| - "extensions" | |
| resources: | |
| - configmaps | |
| - secrets | |
| - services | |
| - endpoints | |
| - ingresses | |
| - nodes | |
| - pods | |
| verbs: | |
| - list | |
| - get | |
| - watch | |
| - apiGroups: | |
| - "extensions" | |
| - "" | |
| resources: | |
| - ingresses | |
| - ingresses/status | |
| verbs: | |
| - get | |
| - update | |
| - create | |
| - list | |
| - patch | |
| - delete | |
| - watch | |
| - apiGroups: | |
| - "*" | |
| - "" | |
| resources: | |
| - events | |
| - certificates | |
| - secrets | |
| verbs: | |
| - create | |
| - list | |
| - update | |
| - get | |
| - patch | |
| - watch | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: lego | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: lego | |
| subjects: | |
| - kind: ServiceAccount | |
| name: lego | |
| namespace: kube-lego | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: lego | |
| namespace: kube-lego | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: kube-lego | |
| namespace: kube-lego | |
| spec: | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: kube-lego | |
| spec: | |
| serviceAccountName: lego | |
| containers: | |
| - name: kube-lego | |
| image: jetstack/kube-lego:0.1.3 | |
| imagePullPolicy: Always | |
| ports: | |
| - containerPort: 8080 | |
| env: | |
| - name: LEGO_EMAIL | |
| valueFrom: | |
| configMapKeyRef: | |
| name: kube-lego | |
| key: lego.email | |
| - name: LEGO_URL | |
| valueFrom: | |
| configMapKeyRef: | |
| name: kube-lego | |
| key: lego.url | |
| - name: LEGO_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| - name: LEGO_POD_IP | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| readinessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 8080 | |
| initialDelaySeconds: 5 | |
| timeoutSeconds: 1 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: kube-lego-nginx | |
| namespace: kube-lego | |
| spec: | |
| type: LoadBalancer | |
| ports: | |
| - name: http | |
| port: 8080 | |
| targetPort: 8080 | |
| selector: | |
| app: kube-lego |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment