Certificate rotation on Issuer update

[Cristian Cordova]

Greetings,

Recently I had to rotate a ca-crt for a component which is deployed as a Kubernetes Secret, then link the Issuer to the existing Secret.

After that I create a Certificate which is used by the component.

However, after I rotated the original Kubernetes Secret manually, the Certificate didn't change automatically. Am I wrong to think the Certificate should be automatically renewed if there's a change to the secret being referred by its Issuer?

Otherwise, I'd appreciate to know the correct workflow to get this setup in such a way that the Certificate will be rotated automatically when the Issuer cert changes.

Thanks