--- # TLS cert for stalwart's own HTTPS/IMAPS/STARTTLS listeners (mail.main.unkin.net) apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: stalwart-tls namespace: stalwart spec: secretName: stalwart-tls issuerRef: name: vault-issuer kind: ClusterIssuer commonName: mail.main.unkin.net dnsNames: - mail.main.unkin.net privateKey: size: 4096 algorithm: RSA --- # TLS cert for Traefik Gateway (internal k8s admin URL) apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: stalwart-gateway-tls namespace: stalwart spec: secretName: stalwart-gateway-tls issuerRef: name: vault-issuer kind: ClusterIssuer commonName: mail.k8s.syd1.au.unkin.net dnsNames: - mail.k8s.syd1.au.unkin.net privateKey: size: 4096 algorithm: RSA