Hi all,
I need some help to face the following issue with rate limit and subdomains for my company setup.
Abstract:
In my company, we provide a full CMS solution hosted in k8s with several microservices components. We use a dedicated domain for those installation and move it to a Microsoft Azure DNS zone (let's call it company.azure).
Everytime we have to setup a new AKS cluster we generate a wildcard subdomain pointing at it with the standard *.customer.company.azure and we have CertManager on each cluster to provide the certificates needed (https://cert-manager.io/docs/).
Our (wrong) assumption was that using for each cluster a different requester and a different subdomain would have avoid to hit the limit, but today we started to receive the error of "too many certificates request for company.azure".
In this moment we create a certificate for each application inside the cluster, so about 10 certificates per installation, I am trying to understand if it could have sense to try to reduce them by using a single wildcard certificate per subdomain and how this is counted in the rate limits.
Basically I want to create a certificate matching the wildcard DNS domain *.customer.company.azure, is this feasible or the wildcard certificate can only match *.company.azure?
Thanks in advance for the help,
Carlo Alberto