51 lines
1.6 KiB
YAML
51 lines
1.6 KiB
YAML
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: t2-107421-xyz-ssl
|
|
namespace: kube-system
|
|
spec:
|
|
# Secret names are always required.
|
|
secretName: t2-107421-xyz-tls
|
|
|
|
# secretTemplate is optional. If set, these annotations and labels will be
|
|
# copied to the Secret named example-com-tls. These labels and annotations will
|
|
# be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
|
|
# is also enforced, so relevant label and annotation changes on the Secret by a
|
|
# third party will be overwriten by cert-manager to match the secretTemplate.
|
|
# secretTemplate:
|
|
# annotations:
|
|
# my-secret-annotation-1: "foo"
|
|
# my-secret-annotation-2: "bar"
|
|
# labels:
|
|
# my-secret-label: foo
|
|
|
|
duration: 2160h # 90d
|
|
renewBefore: 120h # 5d
|
|
subject:
|
|
organizations:
|
|
- wdd.io
|
|
isCA: false
|
|
privateKey:
|
|
algorithm: RSA
|
|
encoding: PKCS1
|
|
size: 2048
|
|
rotationPolicy: Always
|
|
# usages:
|
|
# - server auth
|
|
# - client auth
|
|
# At least one of a DNS Name, URI, or IP address is required.
|
|
dnsNames:
|
|
- t2.107421.xyz
|
|
# uris:
|
|
# - spiffe://cluster.local/ns/sandbox/sa/example
|
|
# ipAddresses:
|
|
# - 140.238.52.228
|
|
# Issuer references are always required.
|
|
issuerRef:
|
|
name: cm-cloudflare-7421
|
|
# We can reference ClusterIssuers by changing the kind here.
|
|
# The default value is Issuer (i.e. a locally namespaced Issuer)
|
|
kind: ClusterIssuer
|
|
# This is optional since cert-manager will default to this value however
|
|
# if you are using an external issuer, change this to that issuer group.
|
|
group: cert-manager.io |