apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: server-selfsigned-ca
spec:
  isCA: true
  commonName: Vault Server CA
  secretName: server-ca
  duration: 87660h # 10 years
  privateKey:
    algorithm: RSA
    size: 4096
  issuerRef:
    name: selfsigned
    kind: Issuer
    group: cert-manager.io
  additionalOutputFormats:
    - type: CombinedPEM
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: server-ca-issuer
spec:
  ca:
    secretName: server-ca