apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: mosquitto
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mosquitto-ca
  namespace: mosquitto
spec:
  isCA: true
  commonName: mosquitto mTLS CA
  secretName: mosquitto-mtls-root-ca
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: mosquitto-mtls-issuer
  namespace: mosquitto
spec:
  ca:
    secretName: mosquitto-mtls-root-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mosquitto-mtls-cert
  namespace: mosquitto
spec:
  commonName: mosquitto
  secretName: mosquitto-mtls-server-cert
  dnsNames:
  - 172.16.17.83
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: mosquitto-mtls-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mosquitto-mtls-write-user
  namespace: mosquitto
spec:
  commonName: mosquitto-mtls-write-user
  secretName: mosquitto-mtls-write-user
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: mosquitto-mtls-issuer
    kind: Issuer
    group: cert-manager.io