| --- |
| apiVersion: cert-manager.io/v1alpha2 |
| kind: Issuer |
| metadata: |
| name: selfsigned-issuer |
| namespace: cert-manager |
| spec: |
| selfSigned: {} |
| --- |
| apiVersion: cert-manager.io/v1alpha2 |
| kind: Certificate |
| metadata: |
| name: ca-cert |
| namespace: cert-manager |
| spec: |
| # Secret names are always required. |
| secretName: ca-cert |
| duration: 87600h # 10y |
| renewBefore: 360h # 15d |
| isCA: true |
| keySize: 2048 |
| keyAlgorithm: rsa |
| keyEncoding: pkcs1 |
| commonName: cacert |
| # At least one of a DNS Name, URI, or IP address is required. |
| dnsNames: |
| - caroot |
| # Issuer references are always required. |
| issuerRef: |
| name: selfsigned-issuer |
| --- |
| apiVersion: cert-manager.io/v1alpha2 |
| kind: ClusterIssuer |
| metadata: |
| name: ca-issuer |
| namespace: cert-manager |
| spec: |
| ca: |
| secretName: ca-cert |