From e8845b7159ba1be141fba5d1a9013d4829473c43 Mon Sep 17 00:00:00 2001
From: Pierangelo Di Pilato
Date: Tue, 30 Jan 2024 09:06:34 +0100
Subject: [PATCH] Add TLS issuers for testing
Signed-off-by: Pierangelo Di Pilato
---
openshift/tls/issuers/ca-certificate.yaml | 19 ++++++++++++++++
openshift/tls/issuers/eventing-ca-issuer.yaml | 22 +++++++++++++++++++
openshift/tls/issuers/selfsigned-issuer.yaml | 22 +++++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 openshift/tls/issuers/ca-certificate.yaml
create mode 100644 openshift/tls/issuers/eventing-ca-issuer.yaml
create mode 100644 openshift/tls/issuers/selfsigned-issuer.yaml
diff --git a/openshift/tls/issuers/ca-certificate.yaml b/openshift/tls/issuers/ca-certificate.yaml
new file mode 100644
index 00000000000..3a7fe63021d
--- /dev/null
+++ b/openshift/tls/issuers/ca-certificate.yaml
@@ -0,0 +1,19 @@
+# This is the Eventing CA certificate.
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: knative-eventing-selfsigned-ca
+ # namespace: cert-manager # or openshift-cert-manager for <= 4.11
+spec:
+ secretName: knative-eventing-ca
+
+ isCA: true
+ commonName: selfsigned-ca
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+
+ issuerRef:
+ name: knative-eventing-selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
diff --git a/openshift/tls/issuers/eventing-ca-issuer.yaml b/openshift/tls/issuers/eventing-ca-issuer.yaml
new file mode 100644
index 00000000000..1ed5ad3afce
--- /dev/null
+++ b/openshift/tls/issuers/eventing-ca-issuer.yaml
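Review bot: The Certificate in `ca-certificate.yaml` leaves `metadata.namespace` commented out, so the `knative-eventing-ca` secret holding the CA private key is created in whatever namespace the manifest happens to be applied to. A `ca`-type ClusterIssuer resolves `spec.ca.secretName` in cert-manager's cluster resource namespace (typically the namespace cert-manager is installed in), so `knative-eventing-ca-issuer` only becomes ready when this file is applied there. I would make that a stated requirement rather than an aside, e.g. `# Must be applied in cert-manager's cluster resource namespace (cert-manager, or openshift-cert-manager for <= 4.11): the knative-eventing-ca-issuer ClusterIssuer reads the CA secret from there.` This file also lacks the Apache license header that the other two new files carry.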
@@ -0,0 +1,22 @@
+# Copyright 2023 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This is the issuer that every Eventing component should use to issue their server's certs.
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: knative-eventing-ca-issuer
+spec:
+ ca:
+ secretName: knative-eventing-ca
diff --git a/openshift/tls/issuers/selfsigned-issuer.yaml b/openshift/tls/issuers/selfsigned-issuer.yaml
new file mode 100644
index 00000000000..6d808206ed8
--- /dev/null
+++ b/openshift/tls/issuers/selfsigned-issuer.yaml
@@ -0,0 +1,22 @@
+# Copyright 2023 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This is the root issuer to bootstrap the eventing CA.
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: knative-eventing-selfsigned-issuer
+spec:
+ selfSigned: {}
+
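Review bot: `knative-eventing-ca-issuer` in `eventing-ca-issuer.yaml` is a ClusterIssuer, so anyone allowed to create Certificate resources in any namespace can reference it and receive a certificate chained to the Eventing CA; nothing in the manifest limits which namespaces or DNS names it will sign for. The comment says Eventing components should use it, but that is not enforced here, and the commit subject suggests the issuer is meant for testing. I would say so in the file, e.g. `# Test-only: as a ClusterIssuer this signs requests from every namespace; do not add knative-eventing-ca to trust bundles outside test clusters.` If the issuer is ever used beyond tests, a namespaced Issuer or a cert-manager approval policy would be the place to restrict it; whether one exists elsewhere in the repository is not visible from this patch.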
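Review bot: The self-signed issuer in `selfsigned-issuer.yaml` is declared as a ClusterIssuer although, per its own comment, its only job is to bootstrap the Eventing CA. A namespaced `Issuer` in the namespace where `ca-certificate.yaml` is applied would do the same with a smaller cluster-wide surface; that means `kind: Issuer` plus a namespace here, and `kind: Issuer` in the Certificate's `issuerRef`. If the cluster scope is intentional, a comment such as `# Only referenced by the knative-eventing-selfsigned-ca Certificate; not for issuing workload certs.` would keep it from being reused.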