I have 1 kubernetes cluster that consists of multiple namespaces. Each namespace is owned by a team. However all public API of teams in this kubernetes cluster are using the same domain. Example: team-a-svc-01.example.com, team-b-svc-02.example.com, etc.
Each namespace is given a dedicated Istio Ingress Gateway controller. So I, as cluster administrator, want to automate the TLS secret provisioning used by each namespace's Istio Ingress Gateway controller. So what I have to do basically to create identical Certificate
in each namespace with the same wildcard domain, so that it can create tls secret in each namespace then be used by Istio Ingress Gateway in respective namespace.
For the issuer, I will use ClusterIssuer
.
Now my question is, does ClusterIssuer
cache the request of certificate coming from all namespaces? Given all certificate request is identical (will be using the same wildcard domain name(is it possible?), renewal configuration, etc)?
Best, Agung