dwilliams782/linkerd-full-cert-bundle.yaml

## linkerd-full-cert-bundle.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: linkerd-self-signed-issuer
  namespace: cert-manager
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: linkerd-trust-anchor
  namespace: cert-manager
spec:
  isCA: true
  duration: 87660h # 10 years
  renewBefore: 360h # 15 days
  commonName: root.linkerd.cluster.local
  secretName: linkerd-identity-trust-roots
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: linkerd-self-signed-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: linkerd-trust-anchor
  namespace: cert-manager
spec:
  ca:
    secretName: linkerd-identity-trust-roots
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: linkerd-identity-issuer
  namespace: linkerd
spec:
  secretName: linkerd-identity-issuer
  duration: 8766h # 1 year
  renewBefore: 720h # 30 days
  issuerRef:
    name: linkerd-trust-anchor
    kind: ClusterIssuer
  commonName: identity.linkerd.cluster.local
  dnsNames:
    - identity.linkerd.cluster.local
  isCA: true
  privateKey:
    algorithm: ECDSA
  usages:
    - cert sign
    - crl sign
    - server auth
    - client auth
---
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: linkerd-identity-trust-roots
spec:
  sources:
    - secret:
        name: "linkerd-identity-trust-roots"
        key: "ca.crt"
  target:
    configMap:
      key: "ca-bundle.crt"
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: linkerd-self-signed-issuer
	namespace: cert-manager
	spec:
	selfSigned: {}
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: linkerd-trust-anchor
	namespace: cert-manager
	spec:
	isCA: true
	duration: 87660h # 10 years
	renewBefore: 360h # 15 days
	commonName: root.linkerd.cluster.local
	secretName: linkerd-identity-trust-roots
	privateKey:
	algorithm: ECDSA
	size: 256
	issuerRef:
	name: linkerd-self-signed-issuer
	kind: ClusterIssuer
	group: cert-manager.io
	---
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: linkerd-trust-anchor
	namespace: cert-manager
	spec:
	ca:
	secretName: linkerd-identity-trust-roots
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: linkerd-identity-issuer
	namespace: linkerd
	spec:
	secretName: linkerd-identity-issuer
	duration: 8766h # 1 year
	renewBefore: 720h # 30 days
	issuerRef:
	name: linkerd-trust-anchor
	kind: ClusterIssuer
	commonName: identity.linkerd.cluster.local
	dnsNames:
	- identity.linkerd.cluster.local
	isCA: true
	privateKey:
	algorithm: ECDSA
	usages:
	- cert sign
	- crl sign
	- server auth
	- client auth
	---
	apiVersion: trust.cert-manager.io/v1alpha1
	kind: Bundle
	metadata:
	name: linkerd-identity-trust-roots
	spec:
	sources:
	- secret:
	name: "linkerd-identity-trust-roots"
	key: "ca.crt"
	target:
	configMap:
	key: "ca-bundle.crt"