Deploy cert-manager on workload clusters
Summary
cert-manager is a unit that is potentially useful for many workload clusters in order to obtain certificates for the CNFs, but is currently only installed on the management clusters.
The CNFs can deploy their own cert-manager if they need, but installing it as an option can be a service of the platform.
The installation should also take care of installing a cluster issuer on the model of what is done for the management cluster.
It should also be possible to install an ACME or vault issuer when https://gitlab.com/sylva-projects/sylva-core/-/tree/922-x509-cetrtificate-automation-via-acme-or-vault-issuer is merged.
Custom project and cluster roles should be defined in Rancher :
- to manage the CR of cert-manager
- to view the CR of cert-manager These roles can then be assigned to some users or groups of users according to their needs, without needing to define these roles for each new deployment.