证书管理 #

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: default
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ca-certificate
  namespace: default
spec:
  secretName: ca-cert
  duration: 9000h # ~1year
  renewBefore: 360h # 15d
  commonName: infinilabs
  isCA: true
  privateKey:
    size: 2048
  usages:
    - digital signature
    - key encipherment
  issuerRef:
    name: selfsigned-issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-issuer
  namespace: default
spec:
  ca:
    secretName: ca-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: easysearch-certs
  namespace: default
spec:
  secretName: easysearch-certs
  duration: 9000h # ~1year
  renewBefore: 360h # 15d
  isCA: false
  privateKey:
    size: 2048
    algorithm: RSA
    encoding: PKCS8
  dnsNames:
    - threenodes
    - threenodes-masters-0
    - threenodes-masters-1
    - threenodes-masters-2
    - threenodes-masters-3
    - threenodes-masters-4
    - threenodes-bootstrap-0
  usages:
    - signing
    - key encipherment
    - server auth
    - client auth
  commonName: infinilabs
  issuerRef:
    name: ca-issuer
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: easysearch-admin-certs
  namespace: default
spec:
  secretName: easysearch-admin-certs
  duration: 9000h # ~1year
  renewBefore: 360h # 15d
  isCA: false
  privateKey:
    size: 2048
    algorithm: RSA
    encoding: PKCS8
  commonName: infinilabs
  usages:
    - signing
    - key encipherment
    - server auth
    - client auth
  issuerRef:
    name: ca-issuer