Which network fabric do you use and how did you set up DNS/cert management? For me certificates has been one of the pain points - have been using cert-manager with LetsEncrypt for some time but it has been notoriously unstable and they have introduced plenty of breaking changes between releases. (That being said I haven't tried the more recent releases, maybe things have gotten more stable in the past couple of months)
Google recently release managed certs for those running on GKE, but those are limited to a single domain per cert.
I use the external-dns and cert-manager tools. cert-manager uses lets-encrypt but fully automates everything, you just add an annotation to your ingress resource. Been using it in prod for around 6 months now with no problems.
Ah, sounds like they’re stabilizing then - I’ve had a lot of stability and upgrading issues with older versions.
Just the fact that you couldn’t configure it for automatic renewal with anything else than 24h before expiry and these renewals would fail half the time...
Google recently release managed certs for those running on GKE, but those are limited to a single domain per cert.