apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: mziesel-root-ca-issuer spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: mziesel-ca spec: isCA: true commonName: mziesel-ca secretName: mziesel-root-secret privateKey: algorithm: ECDSA size: 256 issuerRef: name: mziesel-root-ca-issuer kind: ClusterIssuer group: cert-manager.io --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: mziesel-ca-issuer spec: ca: secretName: mziesel-root-secret --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: whoami.mziesel.nl-cert spec: secretName: whoami.mziesel.nl-secret issuerRef: name: mziesel-ca-issuer kind: ClusterIssuer dnsNames: - whoami.mziesel.nl ---