Service that ensures that Kubernetes cluster properly handles https traffic for all domains in all Tenants, and uses proper certificates for domains. It periodically asks the API for Tenants and their respective certificates. Also, it creates/updates/removes ingresses and secrets with certificates for those ingresses in the Kubernetes cluster.
Downtime will be visible only in case Tenant configuration would be changed (e.g. new Tenant, Tenant URI’s edited, Tenant certificates changes). Generally service may be stopped for and arbitrary period of time if there is no changes in Tenants and Tenant certificates.
Theoretically, it can be scaled to more then one instance. However, there is no practical sense to do so, and it was never tested.
Use rolling release. Delete pod and create new.
Service depend on Kubernetes API service to start.
Handmaiden would not function without the following services:
- NGINX-ingress-controller (no ingress controller means no real work).