X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=service-exposure%2Fkeycloak-client-certificate.yaml;fp=service-exposure%2Fkeycloak-client-certificate.yaml;h=9dbd3278357375d0a7e3f74c8cbd7dc89731a087;hb=c5c3ab4b177f4ab134746045288b93ce3ec9e4e0;hp=0000000000000000000000000000000000000000;hpb=d03286355ba8f11aacabbee178fe5cb084be7b51;p=nonrtric.git

diff --git a/service-exposure/keycloak-client-certificate.yaml b/service-exposure/keycloak-client-certificate.yaml
new file mode 100644
index 00000000..9dbd3278
--- /dev/null
+++ b/service-exposure/keycloak-client-certificate.yaml
@@ -0,0 +1,57 @@
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: keycloak-client-cert
+  namespace: default
+spec:
+  secretName: cm-keycloak-client-certs
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  subject:
+    organizations:
+      - oran
+    organizationalUnits:
+      - oran
+    countries:
+      - IE
+    localities:
+      - Dublin
+    streetAddresses:
+      - Main Street
+  commonName: keycloak
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - client auth
+  dnsNames:
+    - keycloak.default
+    - keycloak
+    - keycloak.est.tech
+  emailAddresses:
+    - client@mail.com
+  issuerRef:
+    name: cm-ca-issuer
+    kind: Issuer
+    group: cert-manager.io