A work in progress (WIP) document discussing the following open source cert-manager issue, and how it might make sense to tackle this.
All comments, feedback and edge cases welcomed.
The Issue(s)
Currently a user creating a certificate resource has many options and, depending on the Issuer / CA they are using, may have to fill out more YAML fields than they care about. I propose that the real issue to resolve here is one of user convenience / experience, in that a user ultimately wants a certificate and the vast majority of the configuration is of little concern.
A second issue that I think we perhaps tackle separately is the idea of what Issuer / ClusterIssuer should be used for the certificate. A tenant with access only to one namespace and no access to configure Issuers would use only the Issuer(s) present. In a lot of scenarios that would be a single issuer for that namespace or a default ClusterIssuer. In both of those cases, just having the certificate default to an Issuer rather than having to manually specify it would be a more optimal experience.
The questions to me are: