--- | |
apiVersion: cert-manager.io/v1alpha2 | |
kind: Issuer | |
metadata: | |
name: selfsigned-issuer | |
namespace: cert-manager | |
spec: | |
selfSigned: {} | |
--- | |
apiVersion: cert-manager.io/v1alpha2 | |
kind: Certificate | |
metadata: | |
name: ca-cert | |
namespace: cert-manager | |
spec: | |
# Secret names are always required. | |
secretName: ca-cert | |
duration: 87600h # 10y | |
renewBefore: 360h # 15d | |
isCA: true | |
keySize: 2048 | |
keyAlgorithm: rsa | |
keyEncoding: pkcs1 | |
commonName: cacert | |
# At least one of a DNS Name, URI, or IP address is required. | |
dnsNames: | |
- caroot | |
# Issuer references are always required. | |
issuerRef: | |
name: selfsigned-issuer | |
--- | |
apiVersion: cert-manager.io/v1alpha2 | |
kind: ClusterIssuer | |
metadata: | |
name: ca-issuer | |
namespace: cert-manager | |
spec: | |
ca: | |
secretName: ca-cert |