Handmaiden

Service that ensures that Kubernetes cluster properly handles https traffic for all domains in all Tenants, and uses proper certificates for domains. It periodically asks the API for Tenants and their respective certificates. Also, it creates/updates/removes ingresses and secrets with certificates for those ingresses in the Kubernetes cluster.

• Downtime
• Scaling
• Deployment
• Strong dependencies
• Weak dependencies

Downtime

not critical

Downtime will be visible only in case Tenant configuration would be changed (e.g. new Tenant, Tenant URI’s edited, Tenant certificates changes). Generally service may be stopped for and arbitrary period of time if there is no changes in Tenants and Tenant certificates.

Scaling

Theoretically, it can be scaled to more then one instance. However, there is no practical sense to do so, and it was never tested.

Deployment

Use rolling release. Delete pod and create new.

Strong dependencies

Service depend on Kubernetes API service to start.

Weak dependencies

Handmaiden would not function without the following services:

• API
• NGINX-ingress-controller (no ingress controller means no real work).