apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ca
spec:
  isCA: true
  commonName: keycloak-pki-ca
  secretName: ca
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: keycloak
spec:
  ca:
    secretName: ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: keycloak-frontend
spec:
  issuerRef:
    name: keycloak
  secretName: keycloak-frontend
  dnsNames:
  - keycloak.keycloak.svc.cluster.local
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: database
spec:
  issuerRef:
    name: keycloak
  secretName: database-certificate
  dnsNames:
  - keycloak-database.keycloak.svc.cluster.local