apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: postgresql-ca-issuer spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: postgresql-ca spec: isCA: true commonName: PostgreSQL CA secretName: postgresql-ca duration: 96360h privateKey: algorithm: ECDSA size: 256 issuerRef: name: postgresql-ca-issuer kind: Issuer group: cert-manager.io --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: postgresql-issuer spec: ca: secretName: postgresql-ca --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: default spec: secretName: default-cert dnsNames: - default.postgresql.svc.cluster.local - default.postgresql.svc - default.postgresql - default issuerRef: group: cert-manager.io kind: Issuer name: postgresql-issuer privateKey: algorithm: ECDSA rotationPolicy: Always