k8s/certmanager.yaml - zuul/ops - Git at Google

 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: selfsigned-issuer
   namespace: cert-manager
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: ca-cert
   namespace: cert-manager
 spec:
   isCA: true
   commonName: cacert
   # Secret names are always required.
   secretName: ca-cert
   privateKey:
     algorithm: RSA
     encoding: PKCS1
     size: 2048
   duration: 87600h # 10y
   renewBefore: 360h # 15d
   # At least one of a DNS Name, URI, or IP address is required.
   dnsNames:
   - caroot
   # Issuer references are always required.
   issuerRef:
     name: selfsigned-issuer
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: ca-issuer
   namespace: cert-manager
 spec:
   ca:
     secretName: ca-cert
	---
	apiVersion: cert-manager.io/v1
	kind: Issuer
	metadata:
	name: selfsigned-issuer
	namespace: cert-manager
	spec:
	selfSigned: {}
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: ca-cert
	namespace: cert-manager
	spec:
	isCA: true
	commonName: cacert
	# Secret names are always required.
	secretName: ca-cert
	privateKey:
	algorithm: RSA
	encoding: PKCS1
	size: 2048
	duration: 87600h # 10y
	renewBefore: 360h # 15d
	# At least one of a DNS Name, URI, or IP address is required.
	dnsNames:
	- caroot
	# Issuer references are always required.
	issuerRef:
	name: selfsigned-issuer
	---
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: ca-issuer
	namespace: cert-manager
	spec:
	ca:
	secretName: ca-cert