apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: t2-107421-xyz-ssl
  namespace: kube-system
spec:
  # Secret names are always required.
  secretName: t2-107421-xyz-tls

  # secretTemplate is optional. If set, these annotations and labels will be
  # copied to the Secret named example-com-tls. These labels and annotations will
  # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
  # is also enforced, so relevant label and annotation changes on the Secret by a
  # third party will be overwriten by cert-manager to match the secretTemplate.
#  secretTemplate:
#    annotations:
#      my-secret-annotation-1: "foo"
#      my-secret-annotation-2: "bar"
#    labels:
#      my-secret-label: foo

  duration: 2160h # 90d
  renewBefore: 120h # 5d
  subject:
    organizations:
      - wdd.io
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
    rotationPolicy: Always
#  usages:
#    - server auth
#    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - t2.107421.xyz
#  uris:
#    - spiffe://cluster.local/ns/sandbox/sa/example
#  ipAddresses:
#    - 140.238.52.228
  # Issuer references are always required.
  issuerRef:
    name: cm-cloudflare-7421
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: ClusterIssuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io