31 lines
778 B
YAML
31 lines
778 B
YAML
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: ca-root-certificate
|
|
namespace: certificates-ops
|
|
annotations:
|
|
# Ce certificat doit être créé en premier pour générer le secret ca-root-secret
|
|
# utilisé par le ClusterIssuer ca-issuer
|
|
argocd.argoproj.io/sync-wave: "0"
|
|
spec:
|
|
# Ce certificat génère la CA root de votre PKI interne
|
|
secretName: ca-root-secret
|
|
issuerRef:
|
|
name: ca-root-issuer
|
|
kind: ClusterIssuer
|
|
commonName: "GK Domaine Internal CA Root"
|
|
dnsNames:
|
|
- "gkdomaine.local"
|
|
- "*.gkdomaine.local"
|
|
- "*.dev.gkdomaine.local"
|
|
- "*.rct.gkdomaine.local"
|
|
- "*.prd.gkdomaine.local"
|
|
isCA: true
|
|
duration: 87600h # 10 ans
|
|
usages:
|
|
- signing
|
|
- key encipherment
|
|
- cert sign
|
|
- crl sign
|
|
|