@ep4sh
Created June 16, 2024 13:51
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ep4sh-ru-cert-dev
  namespace: ehome
spec:
  # Secret names are always required.
  secretName: ep4sh-ru-tls-dev
  # secretTemplate is optional. If set, these annotations and labels will be
  # copied to the Secret named above (ep4sh-ru-tls-dev). These labels and
  # annotations will be re-reconciled if the Certificate's secretTemplate
  # changes. secretTemplate is also enforced, so relevant label and annotation
  # changes on the Secret by a third party will be overwritten by cert-manager
  # to match the secretTemplate.
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - RXLAB LLC
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  #commonName: ep4sh.ru
  privateKey:
    # Always: generate a new private key on every issuance/renewal.
    rotationPolicy: Always
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, IP address or otherName is required.
  dnsNames:
    - ep4sh.ru
  #uris:
  #  - spiffe://cluster.local/ns/sandbox/sa/example
  #ipAddresses:
  #  - 88.87.70.102
  # Needs cert-manager 1.14+ and "OtherNames" feature flag
  #otherNames:
  #  # Should only supply oid of UTF8-valued types
  #  - oid: 1.3.6.1.4.1.311.20.2.3 # User Principal Name "OID"
  #    utf8Value: [email protected]
  # Issuer references are always required.
  issuerRef:
    name: letsencrypt-dev
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: ClusterIssuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io
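---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dev
spec:
  acme:
    # Let's Encrypt staging endpoint: certificates issued here are not
    # publicly trusted, so use this issuer for testing only.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <Ваша почта> # placeholder: your e-mail address
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-dev
    solvers:
      - http01:
          ingress:
            class: nginx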
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # Let's Encrypt production endpoint.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <Ваша почта> # placeholder: your e-mail address
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Must match the name of an existing ClusterIssuer.
    cert-manager.io/cluster-issuer: letsencrypt-production
    meta.helm.sh/release-name: ehome
    meta.helm.sh/release-namespace: ehome
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  # .....
  # .....
spec:
  ingressClassName: nginx
  rules:
    - host: ep4sh.ru
      http:
        paths:
          - backend:
              service:
                name: ehome
                port:
                  number: 80
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - ep4sh.ru
      secretName: ep4sh-ru-tls