kubernetes-letsencrypt
Allow single certificate for multiple services
We're starting to hit letsencrypt rate limits for number of subdomains on a registered domain (20 certs a week).
This could be mitigated by bundling up each service's domains into a request for a single certificate for each registered domain, and then copying that out across multiple secrets.
Admittedly we could work around this problem by adding all the subdomains to a single (dummy) service's acme/certificate: list (and having a single shared secret), but we very much like the semantics of each service being self-contained.
Do you think this would be something that could be handled easily in the current architecture, and would you be open to pull requests to support such a feature?
Hey!
I think this could be handled by loading all services and collecting data about which certificates to load from that. If multiple services specify the same secretName they could be merged together.
The wider community seems to agree that third party resources (now "custom resource definitions") are the correct answer to the question, though. I've had that on the to-do list for a while and wonder if it would also serve your purpose to move the certificate request out of the service object?
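The merge-by-secretName idea from the reply above, as an added sketch that is not code from kubernetes-letsencrypt. The service dictionaries are constructed stand-ins for Service objects, and the `acme/secretName` annotation key, the JSON-array value format and the function names are assumptions. Merging is keyed on namespace plus secret name, because every workload that mounts the shared secret receives the private key for all merged names.

```python
import json
from collections import defaultdict

MAX_NAMES_PER_CERT = 100  # Let's Encrypt cap on names in one certificate

# Constructed sample input: simplified stand-ins for Service objects.
SERVICES = [
    {"namespace": "prod", "name": "api",
     "annotations": {"acme/certificate": "api.example.com",
                     "acme/secretName": "example-com-tls"}},
    {"namespace": "prod", "name": "web",
     "annotations": {"acme/certificate": '["www.example.com", "Example.com"]',
                     "acme/secretName": "example-com-tls"}},
    {"namespace": "staging", "name": "web",
     "annotations": {"acme/certificate": "staging.example.com",
                     "acme/secretName": "example-com-tls"}},
    {"namespace": "prod", "name": "db", "annotations": {}},
]

def parse_domains(value):
    """Accept a single domain or a JSON array of domains (assumed format)."""
    value = value.strip()
    names = json.loads(value) if value.startswith("[") else [value]
    # Normalise case and trailing dots so duplicates collapse into one name.
    return {n.strip().lower().rstrip(".") for n in names if n.strip()}

def plan_certificates(services):
    """Map (namespace, secretName) -> sorted names for one certificate request."""
    merged = defaultdict(set)
    for svc in services:
        ann = svc.get("annotations", {})
        cert, secret = ann.get("acme/certificate"), ann.get("acme/secretName")
        if not cert or not secret:
            continue  # service did not ask for a certificate
        # Secrets are namespaced, so never merge across namespaces.
        merged[(svc["namespace"], secret)] |= parse_domains(cert)
    plan = {}
    for key, names in merged.items():
        if len(names) > MAX_NAMES_PER_CERT:
            raise ValueError(f"{key}: {len(names)} names exceed the per-certificate cap")
        plan[key] = sorted(names)
    return plan

if __name__ == "__main__":
    for (ns, secret), names in plan_certificates(SERVICES).items():
        print(f"{ns}/{secret}: {names}")
```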