certificate.yaml

#
#  Author: Hari Sekhon
#  Date: [% DATE  # 2020-12-10 18:16:54 +0000 (Thu, 10 Dec 2020) %]
#
#  vim:ts=2:sts=2:sw=2:et
#  lint: k8s
#
#  https://github.com/HariSekhon/Kubernetes-configs
#
#  License: see accompanying Hari Sekhon LICENSE file
#
#  If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
#  https://www.linkedin.com/in/HariSekhon
#

# ============================================================================ #
#              C e r t   M a n a g e r   -   C e r t i f i c a t e
# ============================================================================ #

# https://cert-manager.io/docs/concepts/certificate/

# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate

# See ingress.yaml rather than create your own certs manually like this
#
# You probably only need to use this for ingress CRDs not recognized by Cert Manager such as Traefik IngressRoute

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  # XXX: set this
  name: NAME
  namespace: NAMESPACE
spec:
  # tls.key and tls.crt will be stored in this k8s secret in the same namespace
  # XXX: set this
  secretName: NAME-tls

  # must provide at least one DNS Name, URI or IP address
  #
  # Subject Alternative Names for the cert to support
  dnsNames:
    # XXX: set this
    - FOO.DOMAIN.COM
    - BAR.DOMAIN.COM
    #uris:
    #- spiffe://cluster.local/ns/sandbox/sa/example
    #ipAddresses:
    #- 192.168.0.5
  issuerRef:
    group: cert-manager.io
    # default, locally namespaced
    #kind: Issuer
    kind: ClusterIssuer
    # if using kind: Issuer this issuer must exist in the same namespace as this certificate object
    # otherwise specify kind: ClusterIssuer above
    # XXX: the Cert Issuer name - should match issuer.yaml
    name: letsencrypt