theikkila · July 19, 2018 14:26
diff --git a/00-ns.yml b/00-ns.yml
 apiVersion: v1
 kind: Namespace
 metadata:
  name: kube-lego
diff --git a/01-configmap.yml b/01-configmap.yml
 apiVersion: v1
 metadata:
  name: kube-lego
  namespace: kube-lego
 data:
  # modify this to specify your address
  lego.email: "[email protected]"
  # configure letsencrypt's production api
  lego.url: "https://acme-v01.api.letsencrypt.org/directory"
 kind: ConfigMap
diff --git a/02-dep.yml b/02-dep.yml

 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: kube-lego
  namespace: kube-lego
 spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kube-lego
    spec:
      serviceAccountName: kube-lego
      containers:
      - name: kube-lego
        image: jetstack/kube-lego:0.1.5
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
        env:
        - name: LEGO_EMAIL
          valueFrom:
            configMapKeyRef:
              name: kube-lego
              key: lego.email
        - name: LEGO_URL
          valueFrom:
            configMapKeyRef:
              name: kube-lego
              key: lego.url
        - name: LEGO_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LEGO_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 1
diff --git a/03-rbac.yml b/03-rbac.yml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: kube-lego
  namespace: kube-lego
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
  name: kube-lego
 rules:
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
 - apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - create
  - get
  - delete
  - update
 - apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - update
  - create
  - list
  - patch
  - delete
  - watch
 - apiGroups:
  - ""
  resources:
  - endpoints
  - secrets
  verbs:
  - get
  - create
  - update

 ---


 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: kube-lego
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-lego
 subjects:
  - kind: ServiceAccount
    name: kube-lego
    namespace: kube-lego
diff --git a/apply.sh b/apply.sh
 #!/bin/sh

 kubectl apply -f 00-namespace.yml
 kubectl apply -f 01-configmap.yml
 kubectl apply -f 02-deployment.yml
diff --git a/example.yml b/example.yml
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: app-server
  namespace: production
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
 spec:
  tls:
  - hosts:
    - app.example.com
    secretName: lego-cert-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 8088
	apiVersion: v1
	metadata:
	name: kube-lego
	namespace: kube-lego
	data:
	# modify this to specify your address
	lego.email: "[email protected]"
	# configure letsencrypt's production api
	lego.url: "https://acme-v01.api.letsencrypt.org/directory"
	kind: ConfigMap

	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: kube-lego
	namespace: kube-lego
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: kube-lego
	spec:
	serviceAccountName: kube-lego
	containers:
	- name: kube-lego
	image: jetstack/kube-lego:0.1.5
	imagePullPolicy: Always
	ports:
	- containerPort: 8080
	env:
	- name: LEGO_EMAIL
	valueFrom:
	configMapKeyRef:
	name: kube-lego
	key: lego.email
	- name: LEGO_URL
	valueFrom:
	configMapKeyRef:
	name: kube-lego
	key: lego.url
	- name: LEGO_NAMESPACE
	valueFrom:
	fieldRef:
	fieldPath: metadata.namespace
	- name: LEGO_POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	readinessProbe:
	httpGet:
	path: /healthz
	port: 8080
	initialDelaySeconds: 5
	timeoutSeconds: 1
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: kube-lego
	namespace: kube-lego
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	name: kube-lego
	rules:
	- apiGroups:
	- ""
	resources:
	- pods
	verbs:
	- get
	- list
	- apiGroups:
	- ""
	resources:
	- services
	- endpoints
	verbs:
	- create
	- get
	- delete
	- update
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs:
	- get
	- update
	- create
	- list
	- patch
	- delete
	- watch
	- apiGroups:
	- ""
	resources:
	- endpoints
	- secrets
	verbs:
	- get
	- create
	- update

	---


	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	name: kube-lego
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: kube-lego
	subjects:
	- kind: ServiceAccount
	name: kube-lego
	namespace: kube-lego
	#!/bin/sh

	kubectl apply -f 00-namespace.yml
	kubectl apply -f 01-configmap.yml
	kubectl apply -f 02-deployment.yml
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: app-server
	namespace: production
	annotations:
	kubernetes.io/tls-acme: "true"
	kubernetes.io/ingress.class: "nginx"
	nginx.ingress.kubernetes.io/proxy-body-size: 100m
	spec:
	tls:
	- hosts:
	- app.example.com
	secretName: lego-cert-tls
	rules:
	- host: app.example.com
	http:
	paths:
	- path: /
	backend:
	serviceName: app-service
	servicePort: 8088