Created
December 10, 2018 17:30
Revisions
-
abevoelker renamed this gist
Dec 10, 2018 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
abevoelker created this gist
Dec 10, 2018 .
@@ -0,0 +1,19 @@ apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: name: nginx-tls namespace: default spec: secretName: nginx-tls issuerRef: name: letsencrypt-prod kind: ClusterIssuer commonName: REPLACEME dnsNames: - REPLACEME acme: config: - http01: ingress: nginx-ingress domains: - REPLACEME
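Review bot: Nothing in this Certificate says that `REPLACEME` must be substituted before the file is applied, and `issuerRef` points straight at `letsencrypt-prod`. Applying it as-is would likely submit an order for the literal name `REPLACEME` to the production issuer, and failed orders count against its rate limits. A header comment would cover it, for example `# Replace every REPLACEME (commonName, dnsNames, acme domains) with the same FQDN before applying`. It is also worth a comment that the issued private key is stored in Secret `nginx-tls` in the `default` namespace, so anything with Secret read access there can read it.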
@@ -0,0 +1,44 @@ Rough cert-manager GKE install instructions: ```sh export PROJECT_ID="cert-manager-$(openssl rand -hex 6)" export [email protected] gcloud projects create --set-as-default $PROJECT_ID gcloud compute addresses create ipv4-address --global --ip-version IPV4 gcloud services enable compute.googleapis.com gcloud services enable container.googleapis.com gcloud container clusters create "standard-cluster-1" --zone "us-central1-a" --cluster-version "1.11.4-gke.8" --machine-type "n1-standard-1" --num-nodes "3" gcloud container clusters get-credentials standard-cluster-1 echo "Register for an account at DuckDNS, then set $PROJECT_ID.duckdns.org A record to $(gcloud compute addresses describe --global --format=json ipv4-address | jq -r '.address')" sed -e "s/host: REPLACEME/host: $PROJECT_ID.duckdns.org/g" manifest.yml | \ kubectl apply -f- echo "After a few minutes, browse to http://$PROJECT_ID.duckdns.org and 'Welcome to nginx!' should display" kubectl create serviceaccount -n kube-system tiller kubectl create clusterrolebinding tiller-binding \ --clusterrole=cluster-admin \ --serviceaccount kube-system:tiller helm init --service-account tiller helm repo update helm install --name cert-manager --version v0.5.2 \ --namespace kube-system stable/cert-manager curl -sSL https://rawgit.com/ahmetb/gke-letsencrypt/master/yaml/letsencrypt-issuer.yaml | \ sed -e "s/email: ''/email: $EMAIL/g" | \ kubectl apply -f- sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" certificate.yml | \ kubectl apply -f- echo "Now wait several minutes for `kubectl describe certificate` to show 'Certificate issued successfully'..." sed -e "s/REPLACEME/$PROJECT_ID.duckdns.org/g" manifest-2.yml | \ kubectl apply -f- echo "After a few minutes visit https://$PROJECT_ID.duckdns.org !" ```
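Review bot: The `curl -sSL https://rawgit.com/ahmetb/gke-letsencrypt/master/yaml/letsencrypt-issuer.yaml | sed ... | kubectl apply -f-` step applies whatever a third-party host serves for a mutable `master` branch directly to the cluster with the operator's admin credentials. Without `curl -f` and `set -o pipefail`, an error page or truncated download is piped to `kubectl` as well. Fetch the manifest at a pinned, reviewed commit and apply the local copy, e.g. `curl -fsSL <URL pinned to a reviewed commit> -o letsencrypt-issuer.yaml`. Binding the `tiller` service account to `cluster-admin` and running plain `helm init --service-account tiller` leaves Helm 2's Tiller endpoint reachable from other pods without authentication, so the steps should either use `helm init --tiller-tls --tiller-tls-verify` with the matching certificate flags or state that this is for a throwaway cluster only. Separately, the backquoted `kubectl describe certificate` inside the double-quoted `echo "Now wait several minutes ..."` line is a command substitution, so the shell runs it instead of printing it; escape the backquotes or single-quote that part.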
@@ -0,0 +1,53 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: selector: matchLabels: app: nginx replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: labels: app: nginx name: nginx-service spec: ports: - port: 80 targetPort: 80 selector: app: nginx type: NodePort --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-ingress annotations: kubernetes.io/ingress.global-static-ip-name: ipv4-address spec: tls: - secretName: nginx-tls hosts: - REPLACEME rules: - host: REPLACEME http: paths: - path: /* backend: serviceName: nginx-service servicePort: 80
@@ -0,0 +1,49 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: selector: matchLabels: app: nginx replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: labels: app: nginx name: nginx-service spec: ports: - port: 80 targetPort: 80 selector: app: nginx type: NodePort --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-ingress annotations: kubernetes.io/ingress.global-static-ip-name: ipv4-address spec: rules: - host: REPLACEME http: paths: - path: /* backend: serviceName: nginx-service servicePort: 80
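Review bot: `image: nginx:latest` in the Deployment is a mutable tag, so the two replicas and any later reschedule can pull different, unreviewed images, and a rollback cannot name what was actually running. Pin a specific version or digest, e.g. `image: nginx@sha256:<digest of the reviewed image>`. The same line appears in the second, 49-line manifest on this page. The container spec also sets no `resources` or `securityContext`, so a one-line comment stating that this is a demo workload rather than a production template would help.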