spec fields:
caRef(corev1.LocalObjectReference; optional) specifies name of a CA certificate. Used by intermediate CAs or leaf certificatesisCA(bool; optional) specifies whether certificate is a CA. Set to true for root or intermediate CA certificates. If set totrue, key usage will be set tox509.KeyUsageCertSignandx509.KeyUsageCRLSign, otherwise key usage is set tox509.KeyUsageKeyEnciphermentandx509.KeyUsageDigitalSignature.commonName(string; optional) specifies certificate's CN fieldorganization(string; optional) specifies certificate's Organization fieldalternativeNames(array of strings; optional) specifies certificate's alternative names field (IPs or DNS names)extendedKeyUsage(array of strings; optional) specifies certificate's extended key usage field (client_authandserver_authare supported options)duration(int64; optional) specifies number of days certificate will be valid from now. By default certificate expires in 365 days.secretTemplate
3072-bit RSA key backs each certificate.
Available variables:
$(certificate)$(privateKey)
Root CA certificate:
apiVersion: secretgen.k14s.io/v1alpha1
kind: Certificate
metadata:
name: root-ca-cert
spec:
isCA: true
Intermediate CA certificate:
apiVersion: secretgen.k14s.io/v1alpha1
kind: Certificate
metadata:
name: inter-ca-cert
spec:
isCA: true
caRef:
name: root-ca-cert
Leaf certificate:
apiVersion: secretgen.k14s.io/v1alpha1
kind: Certificate
metadata:
name: inter-ca-cert
spec:
caRef:
name: root-ca-cert
alternativeNames:
- app1.svc.cluster.local
Leaf certificate with custom secret projection:
apiVersion: secretgen.k14s.io/v1alpha1
kind: Certificate
metadata:
name: inter-ca-cert
spec:
caRef:
name: root-ca-cert
alternativeNames:
- app1.svc.cluster.local
secretTemplate:
stringData:
crt: $(certificate)
key: $(privateKey)