apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: adguard-home-cert
  namespace: cert-manager
spec:
  # Secret names are always required.
  secretName: adguard-home.cluster.edward.sydney-tls

  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048

  # keystores allows adding additional output formats. This is an example for reference only.
  keystores:
    pkcs12:
      create: true
      passwordSecretRef:
        name: cert-manager-tls-keystore
        key: ${cert_manager_tls_keystore_password}
      profile: Modern2023

  duration: 2160h # 90d
  renewBefore: 360h # 15d

  isCA: false
  usages:
    - server auth
    - client auth

  subject:
    organizations:
      - edward.sydney

  # The literalSubject field is exclusive with subject and commonName. It allows
  # specifying the subject directly as a string. This is useful for when the order
  # of the subject fields is important or when the subject contains special types
  # which can be specified by their OID.
  #
  # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"

  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
  dnsNames:
    - "adguard-home.cluster.edward.sydney"
    - "*.adguard-home.cluster.edward.sydney"
  emailAddresses:
    - edward@cheng.sydney
  ipAddresses:
    - 192.168.0.180

  # Issuer references are always required.
  issuerRef:
    name: clusterissuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: ClusterIssuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io