
I've been using kube-lego [0] to request/renew certs from LE. It doesn't handle the DNS for you automatically, which has the benefit of working outside of GKE and downside of having to configure DNS yourself. It's been working well.

[0] https://github.com/jetstack/kube-lego

I'm using this for rolling out test environments and so far it works amazingly well. Wildcard DNS record to an ELB, and with just the one kube-lego pod + the one single ingress annotation I automatically get new environments provisioned in under 10 minutes including app bootstrap. As a recovering sysadmin (some fools now call me devops;) this is the stuff I thought of as the holy grail 5 years ago.
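The "one pod + one annotation" setup described above, written out as an added example that is not from the comment and not kube-lego's own manifests. The `LEGO_*` variables and the `kubernetes.io/tls-acme` annotation are kube-lego's; the hostname, service name, email, image tag and the nginx ingress class are assumed placeholders.

```yaml
# Added example, not from the post. LEGO_* are kube-lego's env vars; names, email, tag are placeholders.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-lego
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kube-lego
    spec:
      containers:
      - name: kube-lego
        image: jetstack/kube-lego:0.1.5   # placeholder tag, pin a real release
        ports:
        - containerPort: 8080             # serves /.well-known/acme-challenge/
        env:
        - name: LEGO_EMAIL
          value: ops@example.com          # placeholder; LE expiry notices go here
        - name: LEGO_URL                  # staging while testing; prod rate limits are strict
          value: https://acme-staging.api.letsencrypt.org/directory
        - name: LEGO_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
---
# The app Ingress. The tls-acme annotation is the one kube-lego watches; it
# writes the issued cert into tls.secretName. The host must already resolve
# to the load balancer, since the ACME server fetches the challenge over HTTP.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - myapp.example.com
    secretName: myapp-tls
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp
          servicePort: 80
```

Switch `LEGO_URL` to the production directory only once the staging run issues a cert, since production issuance failures count against Let's Encrypt's rate limits.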


Can you explain this a little more? I am going to try this out this weekend. It does sound like the holy grail!


I think kube-cert-manager is a bit more flexible. I'm using kube-lego now but I'd like to switch to kube-cert-manager. kube-lego seems fairly integrated with Ingress, since it needs to be able to write custom route handlers for the HTTP challenge. Since my cloud provider doesn't have an Ingress Controller yet, I'd prefer to use plain LoadBalancer services instead of Ingress.

Interestingly, kube-lego requires DNS to be configured correctly anyway so that lego can verify the HTTP challenge (implicitly requiring the DNS A record). kube-cert-manager, though, could retrieve the cert automatically before the A record is ever created and propagated.


Theoretically, you could make this work with any DNS provider with an API. Much the same way that lego does: https://github.com/xenolf/lego/tree/master/providers/dns

AFAICT you still have to configure the DNS A record yourself; kube-cert-manager just solves the challenges using DNS.
