Skip to content

Instantly share code, notes, and snippets.

@rajatjindal

rajatjindal/certificate.yml

Created July 8, 2024 14:50
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rajatjindal/0768221780fb2c1c70521ad69c80505e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rajatjindal/0768221780fb2c1c70521ad69c80505e to your computer and use it in GitHub Desktop.
Download ZIP
commands for setting up ingress + certmanager on a fresh ubuntu machine
Raw
certificate.yml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: subdomain-mydomain-tech
namespace: subdomain
spec:
secretName: subdomain-mydomain-tech
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- subdomain.mydomain.tech
Raw
commands.sh
```
apt-get update
apt-get install -y git curl wget
curl -sfL https://get.k3s.io | sh -
alias k=kubectl
k create namespace subdomain
k apply -f deploy.yml -n subdomain
k apply -f service.yml -n subdomain
k apply -f ingress.yml -n subdomain
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.crds.yaml
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
kubectl apply -f lets-encrypt.yml -n subdomain
Raw
deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: subdomain-mydomain-tech
namespace: subdomain
labels:
app: subdomain-mydomain-tech
spec:
replicas: 1
selector:
matchLabels:
app: subdomain-mydomain-tech
template:
metadata:
labels:
app: subdomain-mydomain-tech
spec:
containers:
- name: service
image: ealen/echo-server
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
resources:
requests:
memory: "128Mi"
cpu: 100m
limits:
memory: "256Mi"
cpu: 100m
Raw
ing.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: subdomain
name: subdomain-mydomain-tech
namespace: subdomain
spec:
rules:
- host: subdomain.mydomain.tech
http:
paths:
- backend:
service:
name: subdomain-mydomain-tech
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- subdomain.mydomain.tech
secretName: subdomain-mydomain-tech
Raw
lets-encrypt.yml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: <my email<
preferredChain: ISRG Root X1
privateKeySecretRef:
name: letsencrypt-prod
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: traefik
selector: {}
Raw
service.yml
apiVersion: v1
kind: Service
metadata:
name: subdomain-mydomain-tech
namespace: subdomain
spec:
type: ClusterIP
selector:
app: subdomain-mydomain-tech
ports:
- protocol: TCP
port: 80
targetPort: 8080
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment