Refactor ingress to use explicit certificate manifest

[sedatbasar]

Background: Currently we rely on ingress certificate resolvers to create new SSL certificates for ingress routes. This makes it difficult to track the certificate life cycle and debug errors when certificates are issued by cert manager.

AC:

• Add an explicit certificate manifest for each ingress route, eg:

  apiVersion: cert-manager.io/v1
  kind: Certificate
  metadata:
  name: myproject-domain-com-tls
  spec:
  secretName: myproject-domain-com-tls
  issuerRef:
  name: letsencrypt-prod
  kind: ClusterIssuer
  dnsNames:
  - myprojectdomain.com
  ---

• Reference each certificate by secret name, eg:

  apiVersion: traefik.containo.us/v1alpha1
  kind: IngressRoute
  metadata:
  name: myproject-ingress-route
  spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`myprojectdomain.com`)
    services:
      - name: frontend
        port: 3000
  tls:
  secretName: myproject-domain-com-tls

• To check if a certificate was generated successfully, run kubectl get certificate myproject-domain-com-tls. It will report that is ready, eg:

  NAMESPACE         NAME                             READY   SECRET                           AGE
  default           myproject-domain-com-tls         True     myproject-domain-com-tls        10m

• When you describe the certificate you should see:

  Status:
  Conditions:
  Last Transition Time:  2024-03-15T15:41:09Z
  Message:               Certificate is up to date and has not expired
  Observed Generation:   2
  Reason:                Ready
  Status:                True
  Type:                  Ready

• Add documentation about how to track certificate status in readme