cert-manager:

  installCRDs: true

  global:
    leaderElection:
      namespace: cert-manager

  prometheus:
    enabled: true

  resources:
    requests:
      cpu: 10m
      memory: 32Mi
    limits:
      cpu: 100m
      memory: 128Mi

  webhook:
    resources:
      requests:
        cpu: 10m
        memory: 32Mi
      limits:
        cpu: 100m
        memory: 128Mi

  cainjector:
    resources:
      requests:
        cpu: 10m
        memory: 32Mi
      limits:
        cpu: 100m
        memory: 128Mi



  extraObjects:
    - |
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: selfsigned-issuer
      spec:
        selfSigned: {}

    # CA Certificate (acts as root CA)
    - |
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: selfsigned-ca
        namespace: cert-manager
      spec:
        isCA: true
        commonName: noxxos.nl
        secretName: selfsigned-ca-secret
        privateKey:
          algorithm: ECDSA
          size: 256
        issuerRef:
          name: selfsigned-issuer
          kind: ClusterIssuer

    # CA ClusterIssuer (uses the CA cert above)
    - |
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: ca-issuer
      spec:
        ca:
          secretName: selfsigned-ca-secret

    # Wildcard certificate for *.noxxos.nl
    - |
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: wildcard-noxxos-nl
        namespace: cert-manager
      spec:
        secretName: wildcard-noxxos-nl-tls
        issuerRef:
          name: ca-issuer
          kind: ClusterIssuer
        dnsNames:
          - "*.noxxos.nl"
          - "noxxos.nl"
        duration: 2160h # 90 days
        renewBefore: 360h # 15 days