apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tunnel
spec:
  secretName: tunnel-tls
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  commonName: "*.tunnel.${domain}"
  dnsNames:
    - "tunnel.${domain}"
    - "*.tunnel.${domain}"