I am using cert-manager to manager SSL certificates on kubernetes. Certificates are stored as secrets in my namespace. I'll have to generate near 1 000+ certificates but I read that it is "dangerous" to have a high number of secrets because it could block start of kubernetes when starting new nodes for example.
Do you have more information about how many secrets could be critical ? How many certificates are you managing by cert-manager and is your k8s cluster safe ?
I can't find any information about the exact secret's number, but after check the oficial documentation I've found:
Individual secrets are limited to 1MiB in size. This is to discourage creation of very large secrets which would exhaust the API server and kubelet memory. However, creation of many smaller secrets could also exhaust memory. More comprehensive limits on memory usage due to secrets is a planned feature.
Is hard to say a magical number because It will depends of how are you using the secrets and how your cluster is configured. The most safe way is test in a non-production environment to verify the behaviour. A multimaster or multicluster cluster could be more resilient to handle secrets, for example.
In gke dimension limits: number of pods, number of services + total number of objects stored in etcd.
Here you can find more information about etcd databases and K8s API requirements/performance.
Also, I found a very interesting article where we can find more information about Kubernetes scalability thresholds, unfortunately there is no mention about k8s secrets performace.
