-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow all resources to be namespaced #297
Comments
I am running into a similar issue where I want to manage Java keystores per namespace. |
@erikgb I have en application where users can upload certificates themselves. Currently there are some scripts to add those certificates to a keystore, but trust-manager would simplify this process. Since I'm already using cert-manager in the cluster, it seemed like the most logical solution. |
Ahhh, so you want use trust-manager to convert certs in PEM format into a truststore? |
@erikgb Correct |
We have a relatively unique set up. that until multiple namespaces are enabled, this may be a better solution.
Requirement:
We need to deploy trust-manager in a manner all the trust-manager resources are fully namespaced, or in a way that any deployments in other namespaces would not interfere with a deployment in another namespace.
Why?
The environment that we are deploying to only gives us access to a single namespace that we deploy to using Helm; we do not have access to the cert-manager namespace, and it is more ideal for us to deploy trust-manager as part of our namespace until it can support multiple namespaces (even if it could, we don't know how reconfiguring trust-manager for other namespaces after deployment would work).
Current Solution
I am using trust-manager as a dependent chart in our parent Helm chart, disabling CRDs, and have an edited Bundle CRD in the parent chart that is scoped to the namespace.
What I realize is that 3 resources will prevent deployments in other namespaces: validatingwebhookconfiguration,,clusterrole, and clusterrolebinding. So even if we deploy to our namespace, it will currently prevent other deployments.
Proposed Solution
namespacedOnly
, which will allow for a fully namespaced deploymenttrust-manager-user-dev
Alternatively, configuration for multiple namespaces should be completed, and we can work around that.
The text was updated successfully, but these errors were encountered: