# inspired by https://github.com/ncsa/traefik-certmanager # # Used to automatically create cert request for IngressRoute Objects # # Added by Aaron --- apiVersion: v1 kind: ServiceAccount metadata: name: traefik-certmanager namespace: traefik --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-certmanager rules: - apiGroups: ["traefik.io"] resources: ["ingressroutes"] verbs: ["watch", "patch", "list"] - apiGroups: ["cert-manager.io"] resources: ["certificates"] verbs: ["get", "create", "delete"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-certmanager subjects: - kind: ServiceAccount name: traefik-certmanager namespace: traefik roleRef: kind: ClusterRole name: traefik-certmanager apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: traefik-certmanager namespace: traefik spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: traefik-certmanager template: metadata: labels: app.kubernetes.io/name: traefik-certmanager spec: serviceAccount: traefik-certmanager containers: - name: traefik-certmanager image: git.ar21.de/yolokube/go-traefik-certmanager:latest imagePullPolicy: Always env: - name: CERT_ISSUER_NAME value: letsencrypt-prod - name: CERT_ISSUER_KIND value: ClusterIssuer - name: CERT_CLEANUP value: "true" - name: PATCH_SECRETNAME value: "true"