@wbyoung
Created March 26, 2019 22:22
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: managedcertificates.networking.gke.io
spec:
  group: networking.gke.io
  names:
    kind: ManagedCertificate
    plural: managedcertificates
    shortNames:
    - mcrt
    singular: managedcertificate
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        spec:
          properties:
            domains:
              items:
                maxLength: 63
                pattern: ^(([a-zA-Z0-9]+|[a-zA-Z0-9][-a-zA-Z0-9]*[a-zA-Z0-9])\.)+[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]\.?$
                type: string
              maxItems: 1
              type: array
        status:
          properties:
            certificateName:
              type: string
            certificateStatus:
              type: string
            domainStatus:
              items:
                properties:
                  domain:
                    type: string
                  status:
                    type: string
                required:
                - domain
                - status
                type: object
              type: array
            expireTime:
              format: date-time
              type: string
  version: v1beta1
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: managed-certificate-account
---
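apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: managed-certificate-role
# '*' grants every verb on the listed resources. Because this is a ClusterRole
# bound through a ClusterRoleBinding, the grant applies in all namespaces.
rules:
- apiGroups:
  - networking.gke.io
  resources:
  - managedcertificates
  verbs:
  - '*'
- apiGroups:
  - ""
  - extensions
  resources:
  - configmaps
  - events
  - ingresses
  verbs:
  - '*'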
---
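apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: managed-certificate-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: managed-certificate-role
# The subject is the ServiceAccount in the default namespace. The ServiceAccount
# and Deployment in this file set no namespace, so they must be applied there
# for this binding to take effect.
subjects:
- kind: ServiceAccount
  name: managed-certificate-account
  namespace: default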
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: managed-certificate-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: managed-certificate-controller
  template:
    metadata:
      labels:
        app: managed-certificate-controller
    spec:
      containers:
      - env:
        # Points the Google client libraries at the key mounted from the Secret below.
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /var/run/credentials/service-account-key.json
        # ci_latest is a mutable tag and imagePullPolicy is Always, so the image
        # that runs can change whenever the pod is restarted.
        image: eu.gcr.io/managed-certs-gke/managed-certificate-controller:ci_latest
        imagePullPolicy: Always
        name: managed-certificate-controller
        volumeMounts:
        - mountPath: /var/run/credentials
          name: google-application-credentials
          readOnly: true
        - mountPath: /etc/ssl/certs
          name: ssl-certs
          readOnly: true
        - mountPath: /usr/share/ca-certificates
          name: usrsharecacerts
          readOnly: true
        - mountPath: /var/log/managed_certificate_controller.log
          name: logfile
          readOnly: false
      serviceAccountName: managed-certificate-account
      volumes:
      # The Secret must exist in the same namespace as this Deployment.
      - name: google-application-credentials
        secret:
          secretName: gke-managed-certs-credentials
      # hostPath volumes expose node filesystem paths to the container; the two
      # certificate directories are mounted read-only, the log file is writable.
      - hostPath:
          path: /etc/ssl/certs
        name: ssl-certs
      - hostPath:
          path: /usr/share/ca-certificates
        name: usrsharecacerts
      - hostPath:
          path: /var/log/managed_certificate_controller.log
          type: FileOrCreate
        name: logfile