argocd/helm/certificates/ops/templates/certificate-ca-root.yaml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ca-root-certificate
  namespace: certificates-ops
spec:
  # Ce certificat génère la CA root de votre PKI interne
  secretName: ca-root-secret
  issuerRef:
    name: ca-root-issuer
    kind: ClusterIssuer
  commonName: "GK Domaine Internal CA Root"
  dnsNames:
    - "gkdomaine.local"
    - "*.gkdomaine.local"
    - "*.dev.gkdomaine.local"
    - "*.rct.gkdomaine.local"
    - "*.prd.gkdomaine.local"
  isCA: true
  duration: 87600h  # 10 ans
  usages:
    - signing
    - key encipherment
    - cert sign
    - crl sign