add source code and readme

manifests/infrastructure/metrics-server/certificate.yaml

@@ -0,0 +1,50 @@
+---
+# Self-signed CA for metrics server (for internal cluster communication)
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: metrics-server-selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+# CA Certificate for metrics server
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: metrics-server-ca
+  namespace: metrics-server-system
+spec:
+  secretName: metrics-server-ca-secret
+  commonName: "metrics-server-ca"
+  isCA: true
+  issuerRef:
+    name: metrics-server-selfsigned-issuer
+    kind: ClusterIssuer
+---
+# CA Issuer using the generated CA
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: metrics-server-ca-issuer
+  namespace: metrics-server-system
+spec:
+  ca:
+    secretName: metrics-server-ca-secret
+---
+# TLS Certificate for metrics server
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: metrics-server-certs
+  namespace: metrics-server-system
+spec:
+  secretName: metrics-server-certs
+  issuerRef:
+    name: metrics-server-ca-issuer
+    kind: Issuer
+  commonName: metrics-server
+  dnsNames:
+  - metrics-server
+  - metrics-server.metrics-server-system
+  - metrics-server.metrics-server-system.svc
+  - metrics-server.metrics-server-system.svc.cluster.local