kubernetes/postgresql/certificate.yaml

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: postgresql-ca-issuer
spec:
  selfSigned: {}

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: postgresql-ca
spec:
  isCA: true
  commonName: PostgreSQL CA
  secretName: postgresql-ca
  duration: 96360h
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: postgresql-ca-issuer
    kind: Issuer
    group: cert-manager.io

---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: postgresql-issuer
spec:
  ca:
    secretName: postgresql-ca

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: default
spec:
  secretName: default-cert
  dnsNames:
  - default.postgresql.svc.cluster.local
  - default.postgresql.svc
  - default.postgresql
  - default
  issuerRef:
    group: cert-manager.io
    kind: Issuer
    name: postgresql-issuer
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always