apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: imagepullsecrets-webhook-cert
  namespace: imagepullsecrets-system
spec:
  secretName: imagepullsecrets-webhook-certs
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - imagepullsecrets-webhook
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - digital signature
    - key encipherment
  dnsNames:
    - imagepullsecrets-webhook.imagepullsecrets-system.svc
    - imagepullsecrets-webhook.imagepullsecrets-system.svc.cluster.local
  issuerRef:
    name: selfsigned-cluster-issuer
    kind: ClusterIssuer
    group: cert-manager.io