I want to transfer the letsencrypt certificate of my production Kubernetes cluster to the cluster I'm spinning up for e2e tests in GitLab CI.

My goal is to avoid storing the certificate in the CI and inject it through the environment because then I need to update manually and have it there for always rather than just the time of the CI job. I assume that I can't create a certificate for the domain for the e2e cluster because the production cluster keeps running.

I'm exporting the secret which is used by the ingress with kubectl get -o yaml and importing it into the newly created cluster with kubectl apply. This works fine for microk8s locally.

My production and e2e cluster are in the Google Cloud. The ingresses don't get IP external addresses because they're complaining Issuer resource "letsencrypt-prod" not found. I need the IP address to configure name resolution for the test to point to the e2e cluster rather than production.

I tried adding a

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: admin@mereet.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    http01: {}

into the namespace where the ingresses are created and into the namespace where cert-manager is installed.

What is the missing issuer referring to and how can I make the certificate transfer work which already works from production to local.