Issuer Configuration
The first thing you'll need to configure after you've installed cert-manager is an Issuer or a ClusterIssuer.
These are resources that represent certificate authorities (CAs) able to sign certificates in response to certificate signing requests.
This section documents how the different issuer types can be configured. You might want to read more about Issuer and ClusterIssuer resources.
cert-manager comes with a number of built-in certificate issuers which are denoted by being in the cert-manager.io group. You can also install external issuers in addition to the built-in types.
Built-in and external issuers are treated the same and are configured similarly.
Cluster Resource Namespace
When using ClusterIssuer resource types, ensure you understand the purpose of the Cluster Resource Namespace; this can be a common source of issues for people getting started with cert-manager.
The ClusterIssuer resource is cluster scoped. This means that when referencing a secret via the secretName field, secrets will be looked for in the Cluster Resource Namespace. By default, this namespace is cert-manager; however, it can be changed via a flag on the cert-manager-controller component:
--cluster-resource-namespace=my-namespace
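The secret lookup described above, shown as an added example that is not part of the cert-manager documentation. It assumes the default Cluster Resource Namespace and a CA-type issuer; the names ca-issuer and ca-key-pair and the key material placeholders are assumptions.

```yaml
# Secret holding the CA key pair. It must live in the Cluster Resource
# Namespace (cert-manager by default), not in the namespace of the
# Certificate resources that will use the issuer.
apiVersion: v1
kind: Secret
metadata:
  name: ca-key-pair            # assumed name
  namespace: cert-manager      # default Cluster Resource Namespace
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded CA certificate>   # placeholder
  tls.key: <base64-encoded CA private key>   # placeholder
---
# A ClusterIssuer is cluster scoped, so it carries no metadata.namespace.
# secretName is resolved in the Cluster Resource Namespace.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer              # assumed name
spec:
  ca:
    secretName: ca-key-pair
```

If the controller runs with --cluster-resource-namespace=my-namespace, the Secret has to be created in my-namespace instead; a Secret of the same name in any other namespace is not picked up by the ClusterIssuer.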