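---
# cert-manager Certificate whose key pair is written to the Secret
# hyperauth-https-secret in the hyperauth namespace, signed by the
# tmaxcloud-issuer ClusterIssuer.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: hyperauth-certificate
  namespace: hyperauth
spec:
  secretName: hyperauth-https-secret
  duration: 8760h  # 365d = 1y
  renewBefore: 720h  # 30d
  isCA: false
  usages:
    - digital signature
    - key encipherment
    - server auth
    # NOTE(review): with `client auth` the same key pair can also
    # authenticate as a TLS client. Drop it if this certificate is only
    # ever presented by a server - confirm against the consumers.
    - client auth
  ipAddresses:
    # Placeholder, presumably substituted by the installer before the
    # manifest is applied (confirm). Left unquoted as in the original:
    # unsubstituted, YAML reads `{...}` as a flow mapping, not a string.
    - {HYPERAUTH_EXTERNAL_IP}
  dnsNames:
    # Placeholder, same handling as HYPERAUTH_EXTERNAL_IP above.
    - {HYPERAUTH_EXTERNAL_DNS}
    # NOTE(review): single-label SAN that is also on the Kafka broker
    # certificate in this file; confirm which host it must identify.
    - tmax-cloud
  issuerRef:
    kind: ClusterIssuer
    group: cert-manager.io
    name: tmaxcloud-issuer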
---
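# cert-manager Certificate (commonName `hyperauth`) written to the Secret
# hyperauth-kafka-jks, with an additional JKS keystore generated from it.
#
# Uses cert-manager.io/v1, like the first Certificate in this file.
# The v1alpha2 API is no longer served from cert-manager 1.6 onwards; in
# v1 the former keySize/keyAlgorithm/keyEncoding fields live under
# spec.privateKey.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: hyperauth-kafka-jks-certificate
  namespace: hyperauth
spec:
  secretName: hyperauth-kafka-jks
  # NOTE(review): no dnsNames/ipAddresses are set, so the certificate
  # carries no SANs. TLS peers that ignore commonName cannot match it to
  # a hostname - confirm how this certificate is verified.
  commonName: hyperauth
  isCA: false
  duration: 8760h  # 365d = 1y
  renewBefore: 720h  # 30d
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  keystores:
    jks:
      create: true
      # Password used to encrypt the keystore. It is read from key
      # CERTS_PASSWORD of the Secret `passwords`, which has to exist in
      # this Certificate's namespace. The target Secret also holds the
      # PEM private key (tls.key), so access to that Secret must be
      # restricted regardless of the keystore password.
      passwordSecretRef:
        key: CERTS_PASSWORD
        name: passwords
  usages:
    - digital signature
    - key encipherment
    - server auth
  issuerRef:
    name: tmaxcloud-issuer
    kind: ClusterIssuer
    group: cert-manager.io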
---
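# cert-manager Certificate (commonName `kafka`) written to the Secret
# kafka-jks, with an additional JKS keystore generated from it.
#
# Uses cert-manager.io/v1, like the first Certificate in this file.
# The v1alpha2 API is no longer served from cert-manager 1.6 onwards; in
# v1 the former keySize/keyAlgorithm/keyEncoding fields live under
# spec.privateKey.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kafka-broker-jks-certificate
  namespace: hyperauth
spec:
  secretName: kafka-jks
  commonName: kafka
  dnsNames:
    - kafka-kafka-bootstrap.hyperauth
    - "*.kafka-kafka-brokers.hyperauth.svc"
    # NOTE(review): this wildcard matches every `<name>.hyperauth` host,
    # not only Kafka endpoints, so the holder of this key is trusted for
    # any such name in the namespace. Narrow it to the names the brokers
    # actually serve if nothing else depends on it.
    - "*.hyperauth"
    # NOTE(review): single-label SAN that is also on the
    # hyperauth-certificate in this file; confirm the brokers need it.
    - tmax-cloud
  isCA: false
  duration: 8760h  # 365d = 1y
  renewBefore: 720h  # 30d
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  keystores:
    jks:
      create: true
      # Password used to encrypt the keystore. It is read from key
      # CERTS_PASSWORD of the Secret `passwords`, which has to exist in
      # this Certificate's namespace. The target Secret also holds the
      # PEM private key (tls.key), so access to that Secret must be
      # restricted regardless of the keystore password.
      passwordSecretRef:
        key: CERTS_PASSWORD
        name: passwords
  usages:
    - digital signature
    - key encipherment
    - server auth
  issuerRef:
    name: tmaxcloud-issuer
    kind: ClusterIssuer
    group: cert-manager.io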