add pki

helm/certificates/ops/templates/certificate-ca-root.yaml

@@ -0,0 +1,26 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ca-root-certificate
+  namespace: certificates-ops
+spec:
+  # Ce certificat génère la CA root de votre PKI interne
+  secretName: ca-root-secret
+  issuerRef:
+    name: ca-root-issuer
+    kind: ClusterIssuer
+  commonName: "GK Domaine Internal CA Root"
+  dnsNames:
+    - "gkdomaine.local"
+    - "*.gkdomaine.local"
+    - "*.dev.gkdomaine.local"
+    - "*.rct.gkdomaine.local"
+    - "*.prd.gkdomaine.local"
+  isCA: true
+  duration: 87600h  # 10 ans
+  usages:
+    - signing
+    - key encipherment
+    - cert sign
+    - crl sign
+