cert-manager: Add Pyrocufflink wildcard cert

The wildcard certificate for the *pyrocufflink.net* and
*pyrocufflink.blue* domains is now handled by *cert-manager* and saved
to *certs.git* by `cert-exporter.

cert-manager/certificates.yaml

@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: pyrocufflink-cert
+spec:
+  secretName: pyrocufflink-cert
+  dnsNames:
+  - '*.pyrocufflink.blue'
+  - '*.pyrocufflink.net'
+  - pyrocufflink.blue
+  - pyrocufflink.net
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: zerossl
+  privateKey:
+    algorithm: ECDSA
+    rotationPolicy: Always

cert-manager/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
 - cert-manager.yaml
 - cluster-issuer.yaml
+- certificates.yaml
 
 secretGenerator:
 - name: cert-manager-tsig