jp-gouin / helm-openldap

Helm chart of Openldap in High availability with multi-master replication and PhpLdapAdmin and Ltb-Passwd
Apache License 2.0

Feat: Add support for cert-manager #210

Open jp-gouin opened 1 month ago

jp-gouin commented 1 month ago

Is your feature request related to a problem? Please describe. For production environments, it's best to verify the certificate during the replication between each node. Currently this is only possible by bringing our own certificate.

Describe the solution you'd like Add a certificate resource for cert-manager support. Need to input the issuerRef. dnsNames can be computed automatically using the service names, headless + replica count.

The value could look like:

initTLSSecret:
...
  certManager:
    issuerRef:
      name: selfsigned-ca
      kind: Issuer

(Feel free to upvote it, so I can get a sense at how useful it can be :) )
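
As an added example (not the chart's own code and not from the issue author), here is a Helm template that renders the cert-manager Certificate the request describes, computing dnsNames from the headless service name and the replica count so that each replica can verify its peers during replication. It assumes the values layout proposed above, plus a `replicaCount` value and an `openldap.fullname` named template; both are assumptions to adjust to the chart's actual helpers.

```yaml
# templates/certificate.yaml (added example; helper and value names are assumed)
{{- if .Values.initTLSSecret.certManager }}
{{- /* "openldap.fullname" is an assumed helper; the headless Service is
       assumed to be named <fullname>-headless, as in ldap-headless above. */}}
{{- $fullname := include "openldap.fullname" . }}
{{- $headless := printf "%s-headless" $fullname }}
{{- $ns := .Release.Namespace }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ $fullname }}-tls
  namespace: {{ $ns }}
spec:
  # cert-manager writes tls.crt / tls.key / ca.crt into this Secret,
  # which the pods mount in place of a hand-made initTLSSecret.
  secretName: {{ $fullname }}-tls
  issuerRef:
    name: {{ .Values.initTLSSecret.certManager.issuerRef.name }}
    kind: {{ .Values.initTLSSecret.certManager.issuerRef.kind | default "Issuer" }}
  # Each replica is both a syncrepl provider and consumer, so the same
  # certificate must be valid as a server and as a client certificate.
  usages:
    - server auth
    - client auth
  dnsNames:
    # Regular (load-balanced) Service names used by LDAP consumers.
    - {{ $fullname }}
    - {{ $fullname }}.{{ $ns }}.svc
    - {{ $fullname }}.{{ $ns }}.svc.cluster.local
    # Headless Service name and one per-pod name per replica
    # (e.g. ldap-0.ldap-headless.openldap.svc.cluster.local).
    - {{ $headless }}.{{ $ns }}.svc.cluster.local
    {{- range $i := until (int .Values.replicaCount) }}
    - {{ $fullname }}-{{ $i }}.{{ $headless }}.{{ $ns }}.svc.cluster.local
    {{- end }}
    # Optional user-supplied names (assumed value), e.g. a public DNS name.
    {{- with .Values.initTLSSecret.certManager.extraDnsNames }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
{{- end }}
```

Render it with `helm template` and check that the dnsNames list contains one entry per replica before enabling certificate verification on the replication connections.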

olegeech-me commented 1 month ago

Integration with cert-manager would significantly improve the setup. Using self-signed certificates requires manually distributing the CA file to all LDAP consumer services to ensure proper certificate validation. The primary challenge is correctly mapping LDAP hostnames to the ACME domain. For example, issuing a wildcard certificate for *.ldap.example.com (assuming the user owns example.com) allows this certificate to be used across all LDAP instances. The key is to configure the Helm chart to update all LDAP endpoints to use domain names like ldap-0.ldap.example.com or ldap-readonly-0.example.com. However, it's not possible to include internal Kubernetes service names (e.g., ldap-0.ldap-headless.openldap.svc.cluster.local) in an ACME certificate's Subject Alternative Names (SANs), as Let's Encrypt does not issue certificates for such internal domains.