Integrate cert-manager to issue free certificates for domain names #1905

Open
qcz-cell opened this issue Apr 4, 2024 · 1 comment

@qcz-cell
qcz-cell commented Apr 4, 2024

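1. Background: The major cloud vendors offer channels for purchasing certificates, but this usually means spending budget on them every year, which is a considerable expense. For a system with a monolithic architecture, a scheduled task can be set up with Let's Encrypt to issue the certificate for a single domain name and renew it automatically when the 90 days are up. But for a large number of domain certificates (especially a SAAS service system, where users have their own domain names), this approach not only increases server resource usage but also adds operational complexity; it is hard to manage and error-prone.
2. Alternative: cert-manager, official site: https://cert-manager.io/docs/getting-started
3. Usage: At present, rainband's certificate management can only store a certificate by copying in the public and private keys, and this action still has to be repeated after the certificate expires. Hopefully rainband can integrate cert-manager so that users only need to fill in a domain name and are given a one-time management solution, while rainband only needs to create an issuer for that domain; the certificate issuer will automatically renew the certificate after it expires. When a rainband user creates a service gateway in the console, they only need to select the domain name, and the domain certificate is provided by cert-manager.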

@Issues-translate-bot
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


Title: Access cert-manager to issue a free certificate for the domain name

  1. Demand background: Major cloud vendors provide certificate purchase channels, but usually they require a budget to purchase every year, which is a large expense. For a system with a single architecture, Let's Encrypt can be used to customize the scheduled task of issuing a domain name certificate for a single domain name, and it will be automatically renewed after 90 days. However, for a large number of domain name certificates (especially SAAS service systems, users have their own domain names), this method not only increases the occupation of server resources, but also increases the complexity of operation and maintenance, which is not conducive to management and prone to errors.
  2. Alternative: cert-manager, official website access address: https://cert-manager.io/docs/getting-started
  3. How to use: The current certificate management method of rainband can only store the certificate by copying the public and private keys. After the certificate expires, this action still needs to be repeated. We hope that rainband can connect to cert-manager so that users only need to fill in the domain name. It can provide users with a one-time management solution, and rainband only needs to create an issuer for this domain name. The certificate issuer will automatically renew the certificate after it expires. When rainband users use the operation farm to create a service gateway, they only need to select a domain name. The domain name certificate is provided by cert-manager
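
The per-domain issuer and auto-renewed certificate requested above could be expressed with cert-manager resources like the following. This is an added example, not part of the issue or of the project's code; the resource names, namespace, e-mail address, domain and ingress class are placeholders and assumptions.

```yaml
# Added example: all names, the namespace, e-mail and domain are placeholders.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-shop-example-com   # hypothetical: one issuer per user domain
  namespace: tenant-a                  # hypothetical tenant namespace
spec:
  acme:
    # Let's Encrypt staging endpoint while testing; switch to
    # https://acme-v02.api.letsencrypt.org/directory for trusted certificates.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      # ACME account key, generated and kept in-cluster by cert-manager
      name: letsencrypt-shop-example-com-account
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx    # assumption: the gateway's ingress class
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: shop-example-com
  namespace: tenant-a
spec:
  # kubernetes.io/tls Secret the gateway would reference instead of pasted keys
  secretName: shop-example-com-tls
  dnsNames:
    - shop.example.com
  issuerRef:
    name: letsencrypt-shop-example-com
    kind: Issuer
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always             # generate a new private key at every renewal
  renewBefore: 720h                    # renew 30 days before the 90-day certificate expires
```

With this layout the certificate's private key is generated inside the cluster and never copied by hand, so access to it is governed by RBAC on the `shop-example-com-tls` Secret.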

@zzzhangqi zzzhangqi added kind/feature Feature Suggestions kind/design labels Apr 7, 2024
@zzzhangqi zzzhangqi added this to the 6.0 milestone Apr 7, 2024