Proper offloading of certificate when using DNS

6/4/2019

I am using Kubernetes. I have hosted a POD on a cluster. It works well with https and I get the right certificates. I map the IP address to DNS. If I try to access the DNS name over https, I get the IP address's certificate. I need to get the new DNS certificate. I use Ingress, service and a pod. From which should I offload the certificate in this case? Should I configure my certificate in Ingress or Service or POD?

-- Hacker
kubernetes

1 Answer

6/5/2019

In most cases, it belongs on the Ingress entity.

Here are a couple of examples where the Certificates are obtained and managed quite differently, but both use the same pattern of attaching the certificate to the Ingress entity via Secrets:

https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl. In this example the secrets are explicitly configured with the Cert and Key; these secrets are then attached to the Ingress entity via its tls attribute.

https://github.com/jetstack/cert-manager/blob/master/docs/tutorials/acme/quick-start/index.rst. In this example, CertManager is installed, a LetsEncrypt issuer is configured, then the Ingress is just annotated and CertManager will obtain and renew appropriate certificates as required and create and update the secrets accordingly.

-- frankd
Source: StackOverflow
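
The pattern the answer describes (certificate held in a Secret, attached to the Ingress through its tls attribute), written out as an added example that is not part of the original question or answer. The host name, Secret, Service, Ingress and issuer names and the port are hypothetical, and the certificate data are placeholders.

```yaml
# Added example. All names (app.example.com, app-tls, app-svc, app-ingress,
# letsencrypt-prod) are hypothetical; certificate data are placeholders.
# The Secret holds the certificate issued for the DNS name, not for the IP.
apiVersion: v1
kind: Secret
metadata:
  name: app-tls
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt: BASE64_PEM_CERT_CHAIN_PLACEHOLDER   # SAN must include app.example.com
  tls.key: BASE64_PEM_PRIVATE_KEY_PLACEHOLDER
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  namespace: default
  # cert-manager variant: leave out the Secret above and let cert-manager
  # create and renew app-tls from an issuer you have already configured.
  # annotations:
  #   cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - app.example.com    # must match the name clients request and a SAN in the cert
      secretName: app-tls    # Secret must be in the same namespace as the Ingress
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-svc   # in this setup TLS ends at the Ingress; the
                port:           # Service and Pod behind it receive plain HTTP
                  number: 80
```

To confirm which certificate is served for the DNS name, run `openssl s_client -connect app.example.com:443 -servername app.example.com` and inspect the subject and SAN of the returned certificate.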