# SPDX-FileCopyrightText: 2019 SAP SE or an SAP affiliate company and Gardener contributors
#
# SPDX-License-Identifier: Apache-2.0

apiVersion: cert.gardener.cloud/v1alpha1
kind: Certificate
metadata:
  annotations:
    # class annotation only needed if cert-controller-manager is started with --cert-class=myclass
    #cert.gardener.cloud/class: myclass
  name: cert-simple
  namespace: default
spec:
  commonName: cert1.mydomain.com
  dnsNames:
  - cert1.my-other-domain.com
  # if issuer is not specified, the default issuer is used
  issuerRef:
    name: issuer-staging
    # for shoot issuers, the namespace must be specified
    #namespace: my-ns
  # optionally specify secret to store certificate
  secretRef:
    name: cert-simple-secret
    namespace: default
  # optionally set labels for the secret
  #secretLabels:
  #  key1: value1
  #  key2: value2

  # If delegated domain for DNS01 challenge should be used. This has only an effect if a CNAME record is set for
  # either '_acme-challenge.cert1.mydomain.com' or '_acme-challenge.cert1.my-other-domain.com'.
  # For example: If a CNAME record exists '_acme-challenge.cert1.mydomain.com' => '_acme-challenge.writable.domain.com',
  # the DNS challenge will be written to '_acme-challenge.writable.domain.com'.
  #  followCNAME: true

  # Optionally specify the preferred certificate chain: if the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.
  #  preferredChain: "ISRG Root X1"

  # Optionally specify algorithm and key size for private key
  #  privateKey:
  #    algorithm: ECDSA
  #    size: 384