K
Q

Does ClusterIssuer has cache behavior in multiple namespaces environment?

10/24/2019

I have 1 kubernetes cluster that consists of multiple namespaces. Each namespace is owned by a team. However all public API of teams in this kubernetes cluster are using the same domain. Example: team-a-svc-01.example.com, team-b-svc-02.example.com, etc.

Each namespace is given a dedicated Istio Ingress Gateway controller. So I, as cluster administrator, want to automate the TLS secret provisioning used by each namespace's Istio Ingress Gateway controller. So what I have to do basically to create identical Certificate in each namespace with the same wildcard domain, so that it can create tls secret in each namespace then be used by Istio Ingress Gateway in respective namespace.

For the issuer, I will use ClusterIssuer.

Now my question is, does ClusterIssuer cache the request of certificate coming from all namespaces? Given all certificate request is identical (will be using the same wildcard domain name(is it possible?), renewal configuration, etc)?

Best, Agung

-- Agung Pratama
cert-manager
istio
kubernetes

Similar Questions

How kubernetes request and limit works in pressure?
Docker image not pulling latest from dockerhub.com registry
unable to conect to VM and k8s pod in hazelcast
What is the right way to free up kubernetes resources for a kubernetes job that fails pulling the image?

0 Answers