Skip to content

Instantly share code, notes, and snippets.

@abevoelker

abevoelker/README.md

Created December 10, 2018 17:30
Show Gist options
  • Save abevoelker/54163953457bcc84d93cc727ae6b6a3d to your computer and use it in GitHub Desktop.
Save abevoelker/54163953457bcc84d93cc727ae6b6a3d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
README.md

Rough cert-manager GKE install instructions:

export PROJECT_ID="cert-manager-$(openssl rand -hex 6)"
export [email protected]

gcloud projects create --set-as-default $PROJECT_ID
gcloud compute addresses create ipv4-address --global --ip-version IPV4
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud container clusters create "standard-cluster-1" --zone "us-central1-a" --cluster-version "1.11.4-gke.8" --machine-type "n1-standard-1" --num-nodes "3"
gcloud container clusters get-credentials standard-cluster-1

echo "Register for an account at DuckDNS, then set $PROJECT_ID.duckdns.org A record to $(gcloud compute addresses describe --global --format=json ipv4-address | jq -r '.address')"

sed -e "s/host: REPLACEME/host: $PROJECT_ID.duckdns.org/g" manifest.yml | \
  kubectl apply -f-

echo "After a few minutes, browse to http://$PROJECT_ID.duckdns.org and 'Welcome to nginx!' should display"

kubectl create serviceaccount -n kube-system tiller
kubectl create clusterrolebinding tiller-binding \
    --clusterrole=cluster-admin \
    --serviceaccount kube-system:tiller
helm init --service-account tiller
helm repo update

helm install --name cert-manager --version v0.5.2 \
    --namespace kube-system stable/cert-manager

curl -sSL https://rawgit.com/ahmetb/gke-letsencrypt/master/yaml/letsencrypt-issuer.yaml | \
    sed -e "s/email: ''/email: $EMAIL/g" | \
    kubectl apply -f-

sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" certificate.yml | \
  kubectl apply -f-

echo "Now wait several minutes for `kubectl describe certificate` to show 'Certificate issued successfully'..."

sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" manifest-2.yml | \
  kubectl apply -f-
  
echo "After a few minutes visit https://$PROJECT_ID.duckdns.org !"
Raw
certificate.yml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: nginx-tls
namespace: default
spec:
secretName: nginx-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: REPLACEME
dnsNames:
- REPLACEME
acme:
config:
- http01:
ingress: nginx-ingress
domains:
- REPLACEME
Raw
manifest-2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx
name: nginx-service
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: ipv4-address
spec:
tls:
- secretName: nginx-tls
hosts:
- REPLACEME
rules:
- host: REPLACEME
http:
paths:
- path: /*
backend:
serviceName: nginx-service
servicePort: 80
Raw
manifest.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx
name: nginx-service
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: ipv4-address
spec:
rules:
- host: REPLACEME
http:
paths:
- path: /*
backend:
serviceName: nginx-service
servicePort: 80
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment