Add webhook cert auto-rotating

2025-09-23 23:49:51 +02:00
parent 8a9425b150
commit 9dce6c79ea
10 changed files with 199 additions and 0 deletions
--- a/linkerd/templates/policy-validator-certificate.yaml
+++ b/linkerd/templates/policy-validator-certificate.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: linkerd-policy-validator
+spec:
+  secretName: linkerd-policy-validator-k8s-tls
+  duration: 24h
+  renewBefore: 1h
+  issuerRef:
+    name: webhook-issuer
+    kind: Issuer
+  commonName: linkerd-policy-validator.linkerd.svc
+  dnsNames:
+  - linkerd-policy-validator.linkerd.svc
+  isCA: false
+  privateKey:
+    algorithm: ECDSA
+    encoding: PKCS8
+  usages:
+  - server auth