94 lines
1.8 KiB
YAML
94 lines
1.8 KiB
YAML
cert-manager:
|
|
|
|
installCRDs: true
|
|
|
|
global:
|
|
leaderElection:
|
|
namespace: cert-manager
|
|
|
|
prometheus:
|
|
enabled: true
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
webhook:
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
cainjector:
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 32Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
|
|
|
|
extraObjects:
|
|
- |
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: selfsigned-issuer
|
|
spec:
|
|
selfSigned: {}
|
|
|
|
# CA Certificate (acts as root CA)
|
|
- |
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: selfsigned-ca
|
|
namespace: cert-manager
|
|
spec:
|
|
isCA: true
|
|
commonName: noxxos.nl
|
|
secretName: selfsigned-ca-secret
|
|
privateKey:
|
|
algorithm: ECDSA
|
|
size: 256
|
|
issuerRef:
|
|
name: selfsigned-issuer
|
|
kind: ClusterIssuer
|
|
|
|
# CA ClusterIssuer (uses the CA cert above)
|
|
- |
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: ca-issuer
|
|
spec:
|
|
ca:
|
|
secretName: selfsigned-ca-secret
|
|
|
|
# Wildcard certificate for *.noxxos.nl
|
|
- |
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: wildcard-noxxos-nl
|
|
namespace: traefik
|
|
spec:
|
|
secretName: wildcard-noxxos-nl-tls
|
|
issuerRef:
|
|
name: ca-issuer
|
|
kind: ClusterIssuer
|
|
dnsNames:
|
|
- "*.noxxos.nl"
|
|
- "noxxos.nl"
|
|
duration: 2160h # 90 days
|
|
renewBefore: 360h # 15 days
|