This message was deleted.
# kubernetes
a
This message was deleted.
c
limiting how? that’s the most common way it’s deployed for production use.
l
Well, the first issue I've run into is the lack of a custom cert-manager issuer. Let's say you have a cluster that already has a default, or one you want to specify.
Not everyone can validate over HTTP-01, especially if it's a private ingress.
c
most folks deploy Rancher to a dedicated management cluster, and then put their apps on clusters managed by rancher. so, having existing stuff on there that it would conflict with isn’t very common
l
I can see that, do most use a public rancher endpoint to validate over Let's Encrypt though? Where I'm at now we have a standard set of helmfiles we use to deploy baselines for clusters so we can have a standardized versioning of tools (including cert-manager)
c
l
Yeah, looks like I can create another certificate resource, I can of course do a post helm chart to fix this.
c
yes, it’s usually deployed to a public endpoint so that all the clusters can get to it
folks that are doing air-gap with private ingress usually also have their own PKI that they want to use, so LE support isn’t important
does the last comment on that issue not work for you?
l
It just means splitting off another chart to add a certificate resource since it's not supported from the original
We've got a VPN/ExpressRoute network for our internal resources, Rancher over the internet is an interesting though scary idea 😄
c
I'm not sure what you mean by adding another cert resource, as far as I can tell you should be able to just do this when installing the chart?
--set ingress.tls.source=secret \
  --set ingress.extraAnnotations.cert-manager\.io/cluster-issuer=yourClusterIssuerName
Using your existing issuer config was what you were asking about, right?
that’s from the issue I linked
l
ah so I guess I can use the secret resource since that stops the issuer from being propagated entirely and then add my own.
Didn't get to that last comment there
I know with the other modes it propagates an issuer by default which is why I was curious
I can make this work as a workaround
@creamy-pencil-82913 Are you worried about risks relying on CRDs from other charts (cert-manager) when it's baked like this?
c
not really… that’s why we list the versions of cert-manager that rancher is compatible with in the docs
this is Kubernetes, everything relies on something else.
l
Certainly not wrong there, just makes it interesting when upgrading resources. Thanks for the info