54 lines
1.2 KiB
YAML
54 lines
1.2 KiB
YAML
---
|
|
# Self-signed ClusterIssuer for internal TLS certificates
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: pixelfed-selfsigned-issuer
|
|
namespace: pixelfed-application
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
# CA Certificate for internal use
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: pixelfed-ca-cert
|
|
namespace: pixelfed-application
|
|
spec:
|
|
secretName: pixelfed-ca-secret
|
|
commonName: "Pixelfed Internal CA"
|
|
isCA: true
|
|
issuerRef:
|
|
name: pixelfed-selfsigned-issuer
|
|
kind: Issuer
|
|
group: cert-manager.io
|
|
---
|
|
# CA Issuer using the generated CA
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: pixelfed-ca-issuer
|
|
namespace: pixelfed-application
|
|
spec:
|
|
ca:
|
|
secretName: pixelfed-ca-secret
|
|
---
|
|
# Internal TLS Certificate for pixelfed backend
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: pixelfed-internal-tls
|
|
namespace: pixelfed-application
|
|
spec:
|
|
secretName: pixelfed-internal-tls-secret
|
|
commonName: pixelfed.keyboardvagabond.com
|
|
dnsNames:
|
|
- pixelfed.keyboardvagabond.com
|
|
- pixelfed-web.pixelfed-application.svc.cluster.local
|
|
- pixelfed-web
|
|
- localhost
|
|
issuerRef:
|
|
name: pixelfed-ca-issuer
|
|
kind: Issuer
|
|
group: cert-manager.io
|