DataONEorg / k8s-cluster

Documentation on the DataONE Kubernetes cluster
Apache License 2.0

Install & configure cert-manager for k8s LE cert renewal #17

Closed gothub closed 2 years ago

gothub commented 2 years ago

cert-manager is a package that can be installed on k8s and will take care of renewing Let's Encrypt certificates. This group is a member of the Cloud Native Computing Foundation, so it can be trusted.

This package should be able to renew our k8s certificates with the set of required domain names in the certificate. For example, k8s dev is currently configured with DNS names "api.test.dataone.org, stage.gnis-ld.org".

Two custom k8s resources must be configured (via manifest files):

Once these custom resources are set up, the installation and startup of this service should be straightforward. This will provide automated cert renewal.
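As an added illustration of the kind of manifests cert-manager expects (this is example code, not from the DataONE k8s-cluster repo), the following defines an ACME issuer for Let's Encrypt and a Certificate that requests the two DNS names named in the comment above. The contact e-mail, the ingress class, the namespace and the secret names are assumed placeholders; the resource kinds and fields are cert-manager's `cert-manager.io/v1` API.

```yaml
# Added example, not part of the original issue or the DataONE repo.
# A cluster-wide ACME issuer pointed at Let's Encrypt. Contact address,
# ingress class and secret names below are placeholders.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Production ACME endpoint. While validating the setup, point this at
    # https://acme-staging-v02.api.letsencrypt.org/directory instead so
    # failed attempts do not consume production rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.org                   # placeholder: receives expiry notices
    privateKeySecretRef:
      name: letsencrypt-prod-account-key     # ACME account key, generated by cert-manager
    solvers:
      - http01:
          ingress:
            class: nginx                     # assumed ingress class serving port 80
---
# The certificate cert-manager keeps renewed; the resulting kubernetes.io/tls
# Secret is what the Ingress for these hosts references.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: dataone-dev-tls
  namespace: default                         # assumed namespace of the Ingress
spec:
  secretName: dataone-dev-tls                # Secret holding tls.crt / tls.key
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: api.test.dataone.org
  dnsNames:
    - api.test.dataone.org
    - stage.gnis-ld.org
  duration: 2160h                            # 90 days, the Let's Encrypt lifetime
  renewBefore: 720h                          # start renewal 30 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always                   # fresh key pair on every renewal
```

Apply both documents with `kubectl apply -f`, then watch the request progress with `kubectl get certificate -n default` (READY turns to True once the order completes) and `kubectl describe certificate dataone-dev-tls -n default` for the event log. Because the http01 solver answers the challenge through the ingress, the two hostnames must resolve to the cluster's ingress before the Certificate can become ready; a DNS name that does not point at the cluster will leave the CertificateRequest pending, and that is the first thing to check when a renewal stalls.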

gothub commented 2 years ago

cert-manager distributes a kubectl plugin that may be able to create the necessary k8s resources mentioned above, and could streamline the configuration and updating of cert-manager.

gothub commented 2 years ago

cert-manager was installed using helm and is currently running in the dev k8s environment and creating/renewing certs in that environment. It is installed but not fully configured for prod, but will be soon. The instructions for install/configuration are detailed here.