38 lines
808 B
YAML
38 lines
808 B
YAML
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: {{ instance_name }}-selfsigned-issuer
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ instance_name }}-ca-cert
|
|
spec:
|
|
# Secret names are always required.
|
|
secretName: {{ instance_name }}-ca-cert
|
|
duration: 87600h # 10y
|
|
renewBefore: 360h # 15d
|
|
isCA: true
|
|
privateKey:
|
|
size: 2048
|
|
algorithm: RSA
|
|
encoding: PKCS1
|
|
commonName: cacert
|
|
# At least one of a DNS Name, URI, or IP address is required.
|
|
dnsNames:
|
|
- caroot
|
|
# Issuer references are always required.
|
|
issuerRef:
|
|
name: {{ instance_name }}-selfsigned-issuer
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: {{ instance_name }}-ca-issuer
|
|
spec:
|
|
ca:
|
|
secretName: {{ instance_name }}-ca-cert
|