{{- if eq .Values.tls "ingress" -}}
  {{- if eq .Values.ingress.tls.source "letsEncrypt" -}}
    {{- $certmanagerVer :=  split "." .Values.certmanager.version -}}
    {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
apiVersion: cert-manager.io/v1beta1
    {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
apiVersion: cert-manager.io/v1alpha2
    {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
apiVersion: certmanager.k8s.io/v1alpha1
    {{- else }}
apiVersion: cert-manager.io/v1
    {{- end }}
kind: Issuer
metadata:
  name: {{ template "rancher.fullname" . }}
  labels:
{{ include "rancher.labels" . | indent 4 }}
spec:
  acme:
    {{- if eq .Values.letsEncrypt.environment "production" }}
    server: https://acme-v02.api.letsencrypt.org/directory
    {{- else }}
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    {{- end }}
    email: {{ .Values.letsEncrypt.email }}
    privateKeySecretRef:
      name: letsencrypt-{{ .Values.letsEncrypt.environment }}
    {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
    http01: {}
    {{- else }}
    solvers:
    - http01:
        ingress:
          class: {{ .Values.letsEncrypt.ingress.class }}
    {{- end }}
  {{- end -}}
{{- end -}}