Cert-manager: Add support for watching multiple individual namespaces

Created on 24 May 2017 · 4Comments · Source: jetstack/cert-manager

In order to support better scaling and isolation of cert-manager, a user should be able to specify a single namespace, or list of namespaces to watch. This does not necessarily have to be the same namespace as cert-manager is running in, just sufficient roles defined such that they can access the appropriate resources.

Ideally, we would multiplex multiple event streams to only watch events in the namespaces that are named as monitored, to save receiving the entire event stream for all namespaces.

/cc @whereisaaron @simonswine @luna-duclos

Source

munnerz

👍2

All 4 comments

We can probably snip the watch logic straight out of KCM for this one.

luna-duclos on 24 May 2017

👍1

I've created https://github.com/jetstack-experimental/cert-manager/pull/35 that adds a function to create a new shared informer with a specific namespace & set of labels. We'll need to update the actual controllers in pkg/controller to use this function next.

If a user specifies multiple namespaces, then we should create multiple instantiations of the Controller - one for each namespace being watched. This will mean there will be NumNamespaces * NumWorkersPerController worker goroutines processing at any one time.

munnerz on 7 Aug 2017

It's now possible to watch a single namespace. I'm going to push watching multiple namespaces out of the initial milestone as you can run an instance per namespace for now.

munnerz on 9 Sep 2017

Closing this as I've not seen any use-cases for it currently, and it introduces significant complexity to our handling of informers to do in any useful way.

munnerz on 5 Jun 2018

👎2

Was this page helpful?

0 / 5 - 0 ratings