27 lines
810 B
YAML
27 lines
810 B
YAML
# Self-signed Issuer for webhook TLS.
|
|
# For production, replace with a ClusterIssuer backed by a real CA.
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: selfsigned-issuer
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
# cert-manager Certificate for the webhook TLS.
|
|
# The resulting Secret (gitlab-sizer-webhook-tls) is mounted into the webhook pod.
|
|
# cert-manager also injects the CA into the MutatingWebhookConfiguration via the
|
|
# cert-manager.io/inject-ca-from annotation.
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: gitlab-sizer-webhook-cert
|
|
spec:
|
|
secretName: gitlab-sizer-webhook-tls
|
|
issuerRef:
|
|
name: selfsigned-issuer
|
|
kind: Issuer
|
|
dnsNames:
|
|
- gitlab-sizer-webhook.ci-sizer.svc
|
|
- gitlab-sizer-webhook.ci-sizer.svc.cluster.local
|
|
duration: 8760h
|
|
renewBefore: 720h
|