一、官网

SelfSigned - cert-manager Documentation

二、例子

apiVersion: v1
kind: Namespace
metadata:name: sandbox
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:name: selfsigned-issuer
spec:selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:name: my-selfsigned-canamespace: cert-manager
spec:isCA: truecommonName: my-selfsigned-casecretName: root-secretprivateKey:algorithm: ECDSAsize: 256issuerRef:name: selfsigned-issuerkind: ClusterIssuergroup: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:name: my-ca-issuer
spec:ca:secretName: root-secret

解释：

        1、创建一个名叫自签名的CA根证书。

        2、并且创建一个用于给测试服务器颁发证书的cluster-issuer.

测试使用：
        1、创建服务器证书。

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:name: workmannamespace: ksyth
spec:dnsNames:- your.domain.issuerRef:group: cert-manager.iokind: ClusterIssuername: my-ca-issuer #指定你创建的来颁发CA证书的issuersecretName: sicau-edu-cn #指定你创建证书存放的secret名称

        2、验证

        

        3、访问测试验证