--- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: authentik-tls namespace: authentik spec: secretName: authentik-tls issuerRef: kind: ClusterIssuer name: vault-issuer commonName: identity.unkin.net dnsNames: - identity.unkin.net - identity.k8s.syd1.au.unkin.net privateKey: algorithm: RSA size: 4096