Replies: 1 comment 1 reply
-
The certificates depend on the private key that is generated thus it will always required secrets being shared between clusters to avoid double certificates I am afraid. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We've got a setup which we've had for a while where we have numerous clusters (around 10) and over these many clusters we often have duplicated certificates, now using ACME and free certificates this has never really been much of an issue, but it does delay our verification process when each cert-manager is fighting for DNS (using the DNS01 solver, but I imagine fighting for the regular DNS would be an issue too).
I'm wondering what strategies we have for reducing the number of verifications to none whilst still having shared DNS available to us. The only one I can really think of would be some kind of secret replication across clusters (kubed comes to mind), but this somehow feels clunky too.
I'm wondering if this is a problem which has been solved by anyone else perhaps?
Beta Was this translation helpful? Give feedback.
All reactions