cert-manager / trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.
https://cert-manager.io/docs/projects/trust-manager/
Apache License 2.0

Allow to select multiple "trust" namespaces #205

Open MohammedNoureldin opened 10 months ago

MohammedNoureldin commented 10 months ago

[Feature Request]

It would be useful to have the ability, the same as with target namespaces, to select multiple trusted namespaces from which the resources can be read and mirrored.

karmops commented 4 months ago

hello? why did nobody answer here?

I also didn't get this "trust" namespace, because it drives/obligates me to have a different topology and changes how I see this project.

  1. I have a redis with tls, and I want the projects that use this redis to receive the ca.crt file via a config-map or secret...
  2. I have kafka with tls... same as above
  3. I have a database with tls... same as above

I can't deploy this trust manager once and use bundles with different trust namespaces. To solve my scenario, I need to deploy it three times, one for each namespace (redis, kafka, and database). Is this what this project is expecting to be used for? Why is this not clear in the documentation?

I believe it should have a design (image) explaining these scenarios.

bdkuhman commented 2 months ago

Also curious about this. Definitely think it's needed. cert-manager itself is able to provision sets of certs/secrets across different namespaces, but with trust-manager only able to pull certs from one namespace, I would think that it'd require multiple trust-manager deployments for each namespace today.

I get having to whitelist trusted namespaces, but why limit it to one, when more than one trust source can be created by cert-manager?

My scenario is that I have cert-manager creating certs within separate namespaces, and need to trust these certs within different namespaces. There's cert-manager's Certificate truststores: field, but it appears that this will only add to the secret within the certificate's namespace, so I can't reach back to it from another namespace. This seems like what trust-manager is hoping to solve, to distribute a trust store into different namespaces, but when it can only source certs from one namespace, it's not as flexible as it would seem.
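The single-trust-namespace model that the two posts above run into, shown as a Bundle manifest. This is an added example for the thread, not code from trust-manager's own docs or from either commenter. It assumes trust-manager was installed with its default trust namespace, cert-manager (the Helm value app.trust.namespace), and the source names redis-ca, kafka-ca and db-ca are constructed placeholders. The point it illustrates: a single Bundle can already merge several sources (one per TLS-enabled service), but every source must live in the one trust namespace, because that is the only namespace trust-manager's RBAC lets it read Secrets from. Sources carry only public CA data (a ca.crt key), never private keys, so copying each service's ca.crt into the trust namespace is what gives one deployment the three-service scenario without widening what the operator can read.

```yaml
# Bundle is cluster-scoped, so there is no metadata.namespace.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: internal-cas
spec:
  # Every source below is looked up in the trust namespace only
  # (cert-manager by default). Secrets in other namespaces are not visible
  # to trust-manager, which is the limitation the thread discusses.
  sources:
    # Constructed placeholder: CA for the redis deployment, copied into the
    # trust namespace. Only the public certificate key is read.
    - secret:
        name: redis-ca
        key: ca.crt
    # Constructed placeholder: CA for the kafka deployment.
    - secret:
        name: kafka-ca
        key: ca.crt
    # Constructed placeholder: database CA published as a ConfigMap instead
    # of a Secret; both source kinds are accepted.
    - configMap:
        name: db-ca
        key: ca.crt
  target:
    # The merged PEM bundle is written to a ConfigMap named after the Bundle
    # (internal-cas) under this key, in every namespace matching the selector.
    configMap:
      key: trust-bundle.pem
    # Targets can span many namespaces; this is the asymmetry the thread
    # points out (many target namespaces, one trust namespace).
    namespaceSelector:
      matchLabels:
        trust: enabled
```

Consumers in any namespace labelled trust=enabled mount the internal-cas ConfigMap and point their client TLS configuration at trust-bundle.pem; rotating a CA means updating the one Secret or ConfigMap in the trust namespace and letting trust-manager re-sync the targets.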