smallstep-certificates/autocert/install/02-autocert.yaml

apiVersion: v1
kind: Service
metadata:
  labels: {app: autocert}
  name: autocert
  namespace: step
spec:
  type: ClusterIP
  ports:
  - port: 443
    targetPort: 4443
  selector: {app: autocert}

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: autocert-config
  namespace: step
data:
  config.yaml: |
    logFormat: json # or text
    caUrl: https://ca.step.svc.cluster.local
    certLifetime: 24h
    renewer:
      name: autocert-renewer
      image: smallstep/autocert-renewer:0.8.3
      resources: {requests: {cpu: 10m, memory: 20Mi}}
      imagePullPolicy: IfNotPresent
      volumeMounts:
      - name: certs
        mountPath: /var/run/autocert.step.sm
    bootstrapper:
      name: autocert-bootstrapper
      image: smallstep/autocert-bootstrapper:0.8.3
      resources: {requests: {cpu: 10m, memory: 20Mi}}
      imagePullPolicy: IfNotPresent
      volumeMounts:
      - name: certs
        mountPath: /var/run/autocert.step.sm
    certsVolume:
      name: certs
      emptyDir: {}

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: autocert
  namespace: step
  labels: {app: autocert}
spec:
  replicas: 1
  selector: {matchLabels: {app: autocert}}
  template:
    metadata: {labels: {app: autocert}}
    spec:
      containers:
      - name: autocert
        image: smallstep/autocert-controller:0.8.3
        resources: {requests: {cpu: 100m, memory: 20Mi}}
        env:
        - name: PROVISIONER_NAME
          value: autocert
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: config
          mountPath: /home/step/.step/config
          readOnly: true
        - name: certs
          mountPath: /home/step/.step/certs
          readOnly: true
        - name: autocert-password
          mountPath: /home/step/password
          readOnly: true
        - name: autocert-config
          mountPath: /home/step/autocert
          readOnly: true
        securityContext:
          runAsUser: 1000
          allowPrivilegeEscalation: false
        livenessProbe:
          httpGet:
            path: /healthz
            port: 4443
            scheme: HTTPS
        readinessProbe:
          httpGet:
            path: /healthz
            port: 4443
            scheme: HTTPS
      volumes:
      - name: config
        configMap: {name: config}
      - name: certs
        configMap: {name: certs}
      - name: autocert-password
        secret: {secretName: autocert-password}
      - name: autocert-config
        configMap: {name: autocert-config}
autocert 2019-01-18 00:07:27 +00:00			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels: {app: autocert}`
			`name: autocert`
			`namespace: step`
			`spec:`
			`type: ClusterIP`
			`ports:`
			`- port: 443`
			`targetPort: 4443`
			`selector: {app: autocert}`

			`---`

			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: autocert-config`
			`namespace: step`
			`data:`
			`config.yaml: \|`
			`logFormat: json # or text`
			`caUrl: https://ca.step.svc.cluster.local`
			`certLifetime: 24h`
			`renewer:`
			`name: autocert-renewer`
			`image: smallstep/autocert-renewer:0.8.3`
			`resources: {requests: {cpu: 10m, memory: 20Mi}}`
			`imagePullPolicy: IfNotPresent`
			`volumeMounts:`
			`- name: certs`
			`mountPath: /var/run/autocert.step.sm`
			`bootstrapper:`
			`name: autocert-bootstrapper`
			`image: smallstep/autocert-bootstrapper:0.8.3`
			`resources: {requests: {cpu: 10m, memory: 20Mi}}`
			`imagePullPolicy: IfNotPresent`
			`volumeMounts:`
			`- name: certs`
			`mountPath: /var/run/autocert.step.sm`
			`certsVolume:`
			`name: certs`
			`emptyDir: {}`

			`---`

			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: autocert`
			`namespace: step`
			`labels: {app: autocert}`
			`spec:`
			`replicas: 1`
			`selector: {matchLabels: {app: autocert}}`
			`template:`
			`metadata: {labels: {app: autocert}}`
			`spec:`
			`containers:`
			`- name: autocert`
			`image: smallstep/autocert-controller:0.8.3`
			`resources: {requests: {cpu: 100m, memory: 20Mi}}`
			`env:`
			`- name: PROVISIONER_NAME`
			`value: autocert`
			`- name: NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`volumeMounts:`
			`- name: config`
			`mountPath: /home/step/.step/config`
			`readOnly: true`
			`- name: certs`
			`mountPath: /home/step/.step/certs`
			`readOnly: true`
			`- name: autocert-password`
			`mountPath: /home/step/password`
			`readOnly: true`
			`- name: autocert-config`
			`mountPath: /home/step/autocert`
			`readOnly: true`
			`securityContext:`
			`runAsUser: 1000`
			`allowPrivilegeEscalation: false`
			`livenessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: 4443`
			`scheme: HTTPS`
			`readinessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: 4443`
			`scheme: HTTPS`
			`volumes:`
			`- name: config`
			`configMap: {name: config}`
			`- name: certs`
			`configMap: {name: certs}`
			`- name: autocert-password`
			`secret: {secretName: autocert-password}`
			`- name: autocert-config`
			`configMap: {name: autocert-config}`