---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gatekeeper-mutating-webhook-cert
  namespace: gatekeeper-system
spec:
  secretName: gatekeeper-mutating-webhook-server-cert
  duration: 2160h # 90 days
  renewBefore: 360h # 15 days
  subject:
    organizations:
      - gatekeeper
  commonName: gatekeeper-mutating-webhook-service.gatekeeper-system.svc
  dnsNames:
    - gatekeeper-mutating-webhook-service
    - gatekeeper-mutating-webhook-service.gatekeeper-system
    - gatekeeper-mutating-webhook-service.gatekeeper-system.svc
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  usages:
    - server auth
    - client auth