hydra-maester/config/certmanager/certificate.yaml

# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: system
spec:
  selfSigned: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
  namespace: system
spec:
  # $(SERVICENAME) and $(NAMESPACE) will be substituted by kustomize
  commonName: $(SERVICENAME).$(NAMESPACE).svc
  dnsNames:
  - $(SERVICENAME).$(NAMESPACE).svc.cluster.local
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
  secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
scaffold controller 2019-08-21 10:12:07 +02:00			`# The following manifests contain a self-signed issuer CR and a certificate CR.`
			`# More document can be found at https://docs.cert-manager.io`
			`apiVersion: certmanager.k8s.io/v1alpha1`
			`kind: Issuer`
			`metadata:`
			`name: selfsigned-issuer`
			`namespace: system`
			`spec:`
			`selfSigned: {}`
			`---`
			`apiVersion: certmanager.k8s.io/v1alpha1`
			`kind: Certificate`
			`metadata:`
			`name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml`
			`namespace: system`
			`spec:`
			`# $(SERVICENAME) and $(NAMESPACE) will be substituted by kustomize`
			`commonName: $(SERVICENAME).$(NAMESPACE).svc`
			`dnsNames:`
			`- $(SERVICENAME).$(NAMESPACE).svc.cluster.local`
			`issuerRef:`
			`kind: Issuer`
			`name: selfsigned-issuer`
			`secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize`