Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
apiVersion: v1
kind: Namespace
metadata:
name: istio-system
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-selfsigned-ca
namespace: istio-system
spec:
isCA: true
commonName: my-selfsigned-ca
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: my-ca-issuer
namespace: istio-system
spec:
ca:
secretName: root-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-selfsigned-cert
namespace: istio-system
spec:
commonName: my-selfsigned-cert
dnsNames:
- '*.example.com'
duration: 2160h0m0s
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io
privateKey:
algorithm: RSA
encoding: PKCS8
size: 4096
renewBefore: 360h0m0s
secretName: tls-secret
subject:
organizations:
- pulsar
usages:
- server auth
- client auth
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment