Last active
June 18, 2019 08:49
---
# Namespace that the cert-manager ServiceAccount and Deployment in this file
# are created in.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: certs
  name: certs
---
# Identity of the cert-manager controller pod. The Deployment in this file
# selects it through serviceAccountName, and the cert-manager
# ClusterRoleBinding grants it the cert-manager ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: cert-manager
  name: cert-manager
  namespace: certs
---
# Registers the namespaced Certificate resource (short names: cert, certs)
# in the certmanager.k8s.io API group.
# NOTE(review): the crd-install annotation is a Helm hook; it presumably has
# no effect when this file is applied directly with kubectl.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: certificates.certmanager.k8s.io
  labels:
    app: cert-manager
  annotations:
    helm.sh/hook: crd-install
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Certificate
    plural: certificates
    shortNames: [cert, certs]
---
# Registers the namespaced Challenge resource in the certmanager.k8s.io API
# group. Unlike the Certificate, Issuer and ClusterIssuer definitions in this
# file, it carries no helm.sh/hook annotation.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    app: cert-manager
  name: challenges.certmanager.k8s.io
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    plural: challenges
    kind: Challenge
---
# Registers the ClusterIssuer resource in the certmanager.k8s.io API group.
# scope: Cluster makes it the only non-namespaced custom resource in this
# file; the letsencrypt-prod object at the end of the file is of this kind.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterissuers.certmanager.k8s.io
  labels:
    app: cert-manager
  annotations:
    helm.sh/hook: crd-install
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Cluster
  names:
    plural: clusterissuers
    kind: ClusterIssuer
---
# Registers the namespaced Issuer resource in the certmanager.k8s.io API
# group.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: issuers.certmanager.k8s.io
  labels:
    app: cert-manager
  annotations:
    helm.sh/hook: crd-install
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    plural: issuers
    kind: Issuer
---
# Registers the namespaced Order resource in the certmanager.k8s.io API
# group. No helm.sh/hook annotation is set on this definition.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    app: cert-manager
  name: orders.certmanager.k8s.io
spec:
  group: certmanager.k8s.io
  version: v1alpha1
  scope: Namespaced
  names:
    plural: orders
    kind: Order
---
# Cluster-wide permissions for the cert-manager controller. The
# ClusterRoleBinding of the same name grants them to the cert-manager
# ServiceAccount in namespace "certs".
# NOTE(review): every rule uses the "*" verb and the role is bound
# cluster-wide, so the controller's token can read, change and delete every
# Secret, ConfigMap, Pod and Service in every namespace. Outside a test
# cluster, replace "*" with the explicit verbs the deployed controller
# version needs (confirm against its documentation) and audit access to
# Secrets made with this ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: cert-manager
  labels:
    app: cert-manager
rules:
  # cert-manager's own custom resources.
  - apiGroups:
      - certmanager.k8s.io
    resources:
      - certificates
      - issuers
      - clusterissuers
      - orders
      - challenges
    verbs:
      - "*"
  # Core API group ("") resources, including all Secrets.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - secrets
      - events
      - services
      - pods
    verbs:
      - "*"
  # Ingress objects in the extensions API group.
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - "*"
---
# Grants the cert-manager ClusterRole to the cert-manager ServiceAccount in
# namespace "certs". Because this is a ClusterRoleBinding rather than a
# namespaced RoleBinding, the role's rules apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    app: cert-manager
  name: cert-manager
subjects:
  - kind: ServiceAccount
    name: cert-manager
    namespace: certs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager
---
# Read-only access to Certificate and Issuer objects. The three
# aggregate-to-* labels ask the cluster to fold these rules into the
# aggregated view, edit and admin ClusterRoles, so any subject bound to one
# of those roles gains this read access as well.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager-view
  labels:
    app: cert-manager
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - certmanager.k8s.io
    resources:
      - certificates
      - issuers
    verbs:
      - get
      - list
      - watch
---
# Write access to Certificate and Issuer objects, aggregated into the edit
# and admin ClusterRoles through the two aggregate-to-* labels.
# NOTE(review): this lets every subject bound to edit or admin create and
# delete Issuers in the namespaces where it holds that role; confirm that is
# intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager-edit
  labels:
    app: cert-manager
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - certmanager.k8s.io
    resources:
      - certificates
      - issuers
    verbs:
      - create
      - delete
      - deletecollection
      - patch
      - update
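---
# Runs a single replica of the cert-manager controller in namespace "certs"
# under the cert-manager ServiceAccount.
# NOTE(review): apps/v1beta1 is a beta API; confirm the target cluster still
# serves it.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: cert-manager
  namespace: "certs"
  labels:
    app: cert-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cert-manager
      release: cert-manager
  template:
    metadata:
      labels:
        app: cert-manager
        release: cert-manager
      # Explicit empty map instead of a bare "annotations:" (which is null).
      annotations: {}
    spec:
      # This account is bound to the cert-manager ClusterRole, whose rules
      # use the "*" verb on Secrets in every namespace.
      serviceAccountName: cert-manager
      containers:
        - name: cert-manager
          # NOTE(review): the image is referenced by tag and pulled on every
          # start (imagePullPolicy: Always), so a re-pushed tag would be
          # picked up silently. Pinning by digest
          # (...cert-manager-controller@sha256:<digest>) avoids that.
          image: "quay.io/jetstack/cert-manager-controller:v0.5.2"
          imagePullPolicy: Always
          args:
            # POD_NAMESPACE is filled in from the pod's own namespace below.
            - --cluster-resource-namespace=$(POD_NAMESPACE)
            - --leader-election-namespace=$(POD_NAMESPACE)
            # NOTE(review): these two flags presumably make the production
            # ClusterIssuer the default for requests that name no issuer;
            # confirm which Ingress authors that exposes issuance to.
            - --default-issuer-name=letsencrypt-prod
            - --default-issuer-kind=ClusterIssuer
            # - --default-acme-issuer-challenge-type=dns01
            # - --default-acme-issuer-dns01-provider-name=route53
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # Added hardening: the controller process cannot gain more
          # privileges than it starts with.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are not set
          # here because the image's user and write paths are not visible
          # from this file; verify and add them if the image allows.
          securityContext:
            allowPrivilegeEscalation: false
          # NOTE(review): no requests or limits are set, so the pod runs
          # without CPU or memory bounds.
          resources: {}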
---
# Cluster-wide ACME issuer pointing at the Let's Encrypt production
# directory, with the HTTP-01 challenge enabled using default settings.
# The ACME account private key is kept in the Secret named by
# privateKeySecretRef.
# NOTE(review): given --cluster-resource-namespace=$(POD_NAMESPACE) on the
# controller, that Secret presumably lives in namespace "certs"; restrict
# read access to it accordingly.
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  labels:
    name: letsencrypt-prod
  name: letsencrypt-prod
spec:
  acme:
    email: devops@saidsef.co.uk
    server: 'https://acme-v02.api.letsencrypt.org/directory'
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}