openshift
diff --git a/‎test/assets/cert-manager/pebble-server.yaml
Lines changed: 76 additions & 0 deletions b/‎test/assets/cert-manager/pebble-server.yaml
Lines changed: 76 additions & 0 deletions
@@ -0,0 +1,76 @@
+# xref: https://github.com/letsencrypt/pebble/tree/main/test/config
+# xref: https://github.com/cert-manager/cert-manager/blob/master/make/config/pebble
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pebble
+data:
+  pebble-config.json: |
+    {
+      "pebble": {
+        "listenAddress": "0.0.0.0:14000",
+        "managementListenAddress": "0.0.0.0:15000",
+        "certificate": "test/certs/localhost/cert.pem",
+        "privateKey": "test/certs/localhost/key.pem",
+        "httpPort": 80,
+        "tlsPort": 443,
+        "ocspResponderURL": "",
+        "externalAccountBindingRequired": false
+      }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pebble
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: pebble
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: pebble
+    spec:
+      volumes:
+        - name: config-volume
+          configMap:
+            name: pebble
+            items:
+              - key: pebble-config.json
+                path: pebble-config.json
+      containers:
+        - image: quay.io/openshifttest/letsencrypt-pebble:2.7.0
+          imagePullPolicy: IfNotPresent
+          name: pebble
+          ports:
+            - name: http
+              containerPort: 14000
+              protocol: TCP
+          volumeMounts:
+            - name: config-volume
+              mountPath: /test/config/pebble-config.json
+              subPath: pebble-config.json
+              readOnly: true
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pebble
+spec:
+  type: ClusterIP
+  ports:
+    - port: 14000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: pebble