make http-solver-pod resources configurable #892
Description
Is your feature request related to a problem? Please describe.
There are namespaces in our project with limits set that require higher cpu and mem resources than the acme http solver pod is started with. As far as I see it those limits are hard-coded right now and were added in: Add limits to http validation pod
Correlating error message from the cert-manager log:
I0912 08:08:18.429041 1 sync.go:276] Error preparing issuer for certificate monitoring/unsee-cert: pods "cm-acme-http-solver-rp8bp" is forbidden: [minimum cpu usage per Container is 100m, but request is 10m., minimum memory usage per Container is 128Mi, but request is 64Mi.]
Describe the solution you'd like
Make the resource requests for the http solver pod configurable.
Describe alternatives you've considered
Maybe it is not necessary to start the httpd solver pods in the namespaces where the certifictes/ingress lies and instead they could be started in the same isolated namespace where cert-manager is running.
So this could be configurable as well.
Environment details (if applicable):
- Kubernetes version (e.g. v1.10.2): v1.9.7
- Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): kops AWS
- cert-manager version (e.g. v0.4.0): v0.4.1
- Install method (e.g. helm or static manifests): static manifests
/kind feature