23 lines
963 B
YAML
23 lines
963 B
YAML
|
apiVersion: v1
|
||
|
|
kind: Namespace
|
||
|
|
metadata:
|
||
|
|
name: cert-manager
|
||
|
|
---
|
||
|
|
# NOTE: Do NOT define cert-manager ServiceAccounts here!
|
||
|
|
# The ServiceAccounts (cert-manager, cert-manager-cainjector, cert-manager-webhook)
|
||
|
|
# are created by the upstream cert-manager installation (kubernetes_restart.sh).
|
||
|
|
# Redefining them here would strip their RBAC bindings and break authentication.
|
||
|
|
---
|
||
|
|
# Self-signed ClusterIssuer for bootstrapping the CA certificate chain
|
||
|
|
# This issuer is used to create the root CA certificate which then
|
||
|
|
# becomes the issuer for all other certificates in the cluster
|
||
|
|
apiVersion: cert-manager.io/v1
|
||
|
|
kind: ClusterIssuer
|
||
|
|
metadata:
|
||
|
|
name: selfsigned-issuer
|
||
|
|
spec:
|
||
|
|
selfSigned: {}
|
||
|
|
---
|
||
|
|
# Cert-manager installation using Helm repository
|
||
|
|
# This will be installed via kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
|
||
|
|
# The actual installation will be done via command line, this file documents the resources
|