Currently, a new issuer is always created for Portieris. This PR exposes overrides so that one can configure an already existing issuer to be used.
This is especially important for rotation use cases. Currently, since a self-signed issuer is used, on each rotation the certificate is issued by a different issuer. This means that the old certificate is automatically invalid since the issuer is different. The Portieris deployment needs to be restarted in order to pick up the new cert.
If we manage to use an existing cert-manager issuer, one can configure a stable one that will be used for Portieris certificates. This way, when a certificate is rotated, the issuer will be the same and the cert will be valid for a few days more until it actually expires - enough time for redeployment to happen and Portieris to pick up the new cert.
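
The two issuer setups contrasted above, written as cert-manager resources. This is an added illustration, not part of the PR or the Portieris chart; every resource name, the namespace, the DNS name and the durations are hypothetical, and the chart's actual override keys are not shown here.

```yaml
# Added illustration; all names, namespaces and durations are hypothetical.

# Before: a self-signed issuer that is created together with the release.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: portieris-selfsigned          # hypothetical
  namespace: portieris
spec:
  selfSigned: {}
---
# After: a stable CA issuer that exists independently of the Portieris release.
# For a ClusterIssuer, the key-pair Secret must live in cert-manager's
# cluster resource namespace (the cert-manager namespace by default).
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: platform-webhook-ca           # hypothetical
spec:
  ca:
    secretName: platform-webhook-ca-keypair   # hypothetical; holds tls.crt and tls.key
---
# The Portieris serving certificate references the stable issuer, so every
# rotation is signed by the same CA.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: portieris-certs               # hypothetical
  namespace: portieris
spec:
  secretName: portieris-certs         # hypothetical Secret mounted by the deployment
  dnsNames:
    - portieris.portieris.svc         # hypothetical service DNS name
  duration: 2160h                     # 90 days (constructed value)
  renewBefore: 360h                   # reissue 15 days before expiry, leaving an overlap window
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: platform-webhook-ca
```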