service-exposure/keycloak-server-certificate.yaml

#
# ============LICENSE_START=======================================================
#  Copyright (C) 2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
apiVersion: v1
kind: Secret
metadata:
  name: cm-keycloak-jwk-pw
  namespace:  default
type: Opaque
data:
  password: Y2hhbmdlaXQ=
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: keycloak-server-cert
  namespace: default
spec:
  secretName: cm-keycloak-server-certs
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - oran
    organizationalUnits:
      - oran
    countries:
      - IE
    localities:
      - Dublin
    streetAddresses:
      - Main Street
  commonName: keycloak
  isCA: false
  keystores:
    jks:
      create: true
      passwordSecretRef:
        name: cm-keycloak-jwk-pw
        key: password
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
  dnsNames:
    - keycloak.default
    - keycloak
    - keycloak.est.tech
  emailAddresses:
    - server@mail.com
  issuerRef:
    name: cm-ca-issuer
    kind: Issuer
    group: cert-manager.io