blob: 2cc1c06d2a0641ccd1dc73d324a204b3342023ae [file] [log] [blame]
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: cert-manager
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: ca-cert
namespace: cert-manager
spec:
# Secret names are always required.
secretName: ca-cert
duration: 87600h # 10y
renewBefore: 360h # 15d
isCA: true
keySize: 2048
keyAlgorithm: rsa
keyEncoding: pkcs1
commonName: cacert
# At least one of a DNS Name, URI, or IP address is required.
dnsNames:
- caroot
# Issuer references are always required.
issuerRef:
name: selfsigned-issuer
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: ca-cert