From 16a268c9e7032396d5542a42e7c7a6d0b4ec79b6 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Thu, 20 Jun 2024 16:25:04 +1000
Subject: [PATCH] adguard-home certificate
---
.../clusterissuer/adguard-home.yaml | 60 +++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml
diff --git a/kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml b/kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml
new file mode 100644
index 0000000..dfed93d
--- /dev/null
+++ b/kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml
@@ -0,0 +1,60 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: adguard-home-cert
+ namespace: cert-manager
+spec:
+ # Secret names are always required.
+ secretName: adguard-home_cluster_edward_sydney-tls
+
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+
+ # keystores allows adding additional output formats. This is an example for reference only.
+ keystores:
+ pkcs12:
+ create: true
+ passwordSecretRef:
+ name: cert-manager-tls-keystore
+ key: ${cert_manager_tls_keystore_password}
+ profile: Modern2023
+
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+
+ isCA: false
+ usages:
+ - server auth
+ - client auth
+
+ subject:
+ organizations:
+ - edward.sydney
+
+ # The literalSubject field is exclusive with subject and commonName. It allows
+ # specifying the subject directly as a string. This is useful for when the order
+ # of the subject fields is important or when the subject contains special types
+ # which can be specified by their OID.
+ #
+ # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"
+
+ # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
+ dnsNames:
+ - "adguard-home.cluster.edward.sydney"
+ - "*.adguard-home.cluster.edward.sydney"
+ emailAddresses:
+ - edward@cheng.sydney
+ ipAddresses:
+ - 192.168.0.180
+
+ # Issuer references are always required.
+ issuerRef:
+ name: clusterissuer
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: ClusterIssuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ group: cert-manager.io
\ No newline at end of file
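Review bot: `secretName: adguard-home_cluster_edward_sydney-tls` is not a valid Kubernetes Secret name, because Secret names must be DNS-1123 subdomains and underscores are not allowed, so the target Secret cannot be created; a name such as `secretName: adguard-home-cluster-edward-sydney-tls` would be accepted. In the pkcs12 `passwordSecretRef`, `key` names the entry inside the `cert-manager-tls-keystore` Secret and is not the password itself; if `${cert_manager_tls_keystore_password}` is substituted with the password value (the variable name suggests this, but the substitution is not visible here), the keystore password ends up in plain text in the Certificate spec, so a fixed entry name (for example `key: password`) with the value kept only in the Secret would be safer. The `client auth` usage looks unnecessary for a server certificate and could be dropped unless AdGuard Home is meant to authenticate as a TLS client. It is also worth confirming that `namespace: cert-manager` is intended, since the issued Secret is created in the Certificate's namespace and can only be mounted by workloads there.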