With Cert-Manager using the flow of creating the Certs implicitly from Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: nameOfClusterIssuer
...
spec:
...
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- hosts:
- example.com
secretName: myingress-cert # < cert-manager will store the created certificate in this secret.
As a result CM creates the Cert. resource on its own as an artifact.
Yet if one want to configure the attributes for the Cert it self e.g. rotationPolicy
apiVersion: cert-manager.io/v1
kind: Certificate
spec:
secretName: my-cert-tls
privateKey:
rotationPolicy: Always # Here.
So should one to create the same resource in advance preconfigured?
Won't it conflict with CM control flow?
Or should it be updated after creation?
Or where is the right place to configure this?