Add cert-manager

oci-managed/certmanager/cluster_issuer.tfpl.yaml

@@ -0,0 +1,45 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: trust-manager-selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cluster-root-certificate
+  namespace: ${namespace}
+spec:
+  isCA: true
+  commonName: cluster-root-certificate-ca
+  secretName: cluster-root-certificate-ca-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: trust-manager-selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: default-cluster-ca-issuer
+spec:
+  ca:
+    secretName: cluster-root-certificate-ca-secret
+---
+apiVersion: trust.cert-manager.io/v1alpha1
+kind: Bundle
+metadata:
+  name: in-cluster-trust-bundle
+spec:
+  sources:
+  - useDefaultCAs: true
+  - secret:
+      name: "cluster-root-certificate-ca-secret"
+      key: "tls.crt"
+  target:
+    configMap:
+      key: "trust-bundle.pem"