apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-selfsigned-ca
  namespace: default
spec:
  isCA: true
  commonName: my-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-ca
  namespace: default
spec:
  ca:
    secretName: root-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-ellenjoe-within-lgbt
  namespace: default
spec:
  secretName: test-ellenjoe-within-lgbt-tls
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  usages:
    - digital signature
    - key encipherment
  dnsNames:
    - test.ellenjoe.within.lgbt
  issuerRef:
    name: "selfsigned-issuer"
    kind: ClusterIssuer
    group: cert-manager.io