k8s/infrastructure/bitwarden/bitwarden-sdk-certs.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bitwarden-bootstrap-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bitwarden-bootstrap-certificate
  namespace: cert-manager
spec:
  isCA: true
  secretName: bitwarden-bootstrap-certs
  subject:
    organizations:
      - external-secrets.io
  dnsNames:
    - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
    - bitwarden-sdk-server.external-secrets.svc.cluster.local
    - localhost
  ipAddresses:
    - 127.0.0.1
    - ::1
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 2048
    rotationPolicy: Always
  issuerRef:
    name: bitwarden-bootstrap-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bitwarden-certificate-issuer
spec:
  ca:
    secretName: bitwarden-bootstrap-certs
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bitwarden-tls-certs
  namespace: external-secrets
spec:
  secretName: bitwarden-tls-certs
  dnsNames:
    - bitwarden-sdk-server.external-secrets.svc.cluster.local
    - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
    - localhost
  ipAddresses:
    - 127.0.0.1
    - ::1
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 2048
    rotationPolicy: Always
  issuerRef:
    name: bitwarden-certificate-issuer
    kind: ClusterIssuer
    group: cert-manager.io
AI changes to try fix bsm clusterstore 2026-03-22 07:41:01 +00:00			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: bitwarden-bootstrap-issuer`
			`spec:`
			`selfSigned: {}`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: bitwarden-bootstrap-certificate`
			`namespace: cert-manager`
			`spec:`
			`isCA: true`
			`secretName: bitwarden-bootstrap-certs`
			`subject:`
			`organizations:`
			`- external-secrets.io`
			`dnsNames:`
			`- external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local`
			`- bitwarden-sdk-server.external-secrets.svc.cluster.local`
			`- localhost`
			`ipAddresses:`
			`- 127.0.0.1`
			`- ::1`
			`privateKey:`
			`algorithm: RSA`
			`encoding: PKCS8`
			`size: 2048`
			`rotationPolicy: Always`
			`issuerRef:`
			`name: bitwarden-bootstrap-issuer`
			`kind: ClusterIssuer`
			`group: cert-manager.io`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: bitwarden-certificate-issuer`
			`spec:`
			`ca:`
			`secretName: bitwarden-bootstrap-certs`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: bitwarden-tls-certs`
			`namespace: external-secrets`
			`spec:`
			`secretName: bitwarden-tls-certs`
			`dnsNames:`
			`- bitwarden-sdk-server.external-secrets.svc.cluster.local`
			`- external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local`
			`- localhost`
			`ipAddresses:`
			`- 127.0.0.1`
			`- ::1`
			`privateKey:`
			`algorithm: RSA`
			`encoding: PKCS8`
			`size: 2048`
			`rotationPolicy: Always`
			`issuerRef:`
			`name: bitwarden-certificate-issuer`
			`kind: ClusterIssuer`
			`group: cert-manager.io`