apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: koti-ca
  namespace: default
spec:
  isCA: true
  commonName: koti-ca
  secretName: koti-ca
  duration: 87600h # 10 years
  renewBefore: 78840h # 9 years
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: root-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: root-issuer
  namespace: default
spec:
  selfSigned: {}