Add support for cert-manager

[nonrtric.git] / service-exposure / keycloak-client-certificate.yaml

diff --git a/service-exposure/keycloak-client-certificate.yaml b/service-exposure/keycloak-client-certificate.yaml
new file mode 100644 (file)
index 0000000..9dbd327
--- /dev/null
+++ b/service-exposure/keycloak-client-certificate.yaml
@@ -0,0 +1,57 @@
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: keycloak-client-cert
+  namespace: default
+spec:
+  secretName: cm-keycloak-client-certs
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  subject:
+    organizations:
+      - oran
+    organizationalUnits:
+      - oran
+    countries:
+      - IE
+    localities:
+      - Dublin
+    streetAddresses:
+      - Main Street
+  commonName: keycloak
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - client auth
+  dnsNames:
+    - keycloak.default
+    - keycloak
+    - keycloak.est.tech
+  emailAddresses:
+    - client@mail.com
+  issuerRef:
+    name: cm-ca-issuer
+    kind: Issuer
+    group: cert-manager.io