--- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: selfsigned-issuer spec: selfSigned: {} --- apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: ca-cert spec: # Secret names are always required. secretName: ca-cert duration: 87600h # 10y renewBefore: 360h # 15d isCA: true keySize: 2048 keyAlgorithm: rsa keyEncoding: pkcs1 commonName: cacert # At least one of a DNS Name, URI, or IP address is required. dnsNames: - caroot # Issuer references are always required. issuerRef: name: selfsigned-issuer --- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: ca-issuer spec: ca: secretName: ca-cert