apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: server
spec:
  secretName: server-tls
  duration: 24h
  renewBefore: 144m # 10% of 24h
  dnsNames:
    - vault-0.vault-internal
    - vault-1.vault-internal
    - vault-2.vault-internal
    - vault-0.vault-internal.vault
    - vault-1.vault-internal.vault
    - vault-2.vault-internal.vault
    - vault-0.vault-internal.vault.svc
    - vault-1.vault-internal.vault.svc
    - vault-2.vault-internal.vault.svc
  issuerRef:
    name: server-ca-issuer
  commonName: Server Certificate