Closed FossPrime closed 3 years ago
GKE Managed Certs are by default enabled in GKE by Google. How exactly did you reach the conclusion that this feature is negatively affecting the performance?
I was getting an exponentially increasing amount of error messages in my GKE Activity log. About 100 errors per minute.
The issue turned out to be that cert-manager-webhooks really needed port 6443 configured and proxied down to the correct pod... I just removed the webhooks version of it; I already have good monitoring of certificate expiration.
Double-checked CPU usage... I got a 3.0% CPU drop in regular peaks, Intel Skylake.
GKE Managed Certs have nothing in common with cert-manager-webhooks. I don't understand the problem well, but it seems it was not caused by GKE Managed Certs.
I'm getting bad performance in my cluster from this... It's assuming I use the Google ingress, have port 6443 open, have no cert-manager installed and configured to auto-renew LE certs, and have unlimited Google SSL quota... none of that is true.
Is this auto-installed by Google? Is this auto-installed by GitLab?