How to reuse TLS certificate from another namespace

This part of the docs says we can reuse the certificate generated by the installer. We deploy the application to a namespace separate from the default one (which is strongly recommended here: Managing Application Namespaces | Replicated Docs), and it’s impossible to get the secret from the default namespace. What is the best way to share the certificate?

Hi @Vitaliy thanks for this question – I think maybe the docs might need some clarification, but if you look at the first example, our recommendation is to never specify a namespace in your manifests, and have the App Manager (KOTS) deploy to whatever namespace it’s running in. Would you be able to give that a try?

# good, namespace absent
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spline-reticulator
spec:

However, if you must use another namespace, I believe you can use the additionalNamespaces flag documented for the kots.io Application Custom Resource to cause certain secrets to be copied across namespaces, but I don’t think the kurl-proxy SSL secret is one of these.

Thank you for your answer.
Let me be more specific. App Manager is deployed into the default namespace, while my Helm chart is deployed into a dedicated namespace (‘namespace:’ is absent in our templates, but we have ‘additionalNamespaces:’ in ‘replicated-app.yaml’ and ‘namespace:’ provided in the ‘helm-chart.yaml’ file). App Manager creates the secret object ‘kotsadm-tls’ with the certificate in the default namespace and doesn’t share it with additional namespaces. So the only solution is to deploy my Helm chart into the default namespace to share those certificates?

Hi Vitaliy – I think it’s less “you must use the default namespace”, but more so, “you should use the same namespace that the App Manager (KOTS) is deployed to”. In the kURL cluster case, this will always be the default namespace, but just want to clarify that one detail. So I would leave out the namespace in your HelmChart kind, or set it to {{repl Namespace }} to pick up the KOTS namespace automatically.
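
The configuration suggested in the last reply, as an added example that is not part of the original thread or Replicated's own manifests. The chart name, version, hostname and service are placeholders, and the `kots.io/v1beta1` API version and the Ingress are assumptions; only `kotsadm-tls` and `{{repl Namespace }}` come from the thread. Kubernetes Secrets are namespace-scoped, so the Ingress can reference `kotsadm-tls` only when it lands in the same namespace as KOTS.

```yaml
# helm-chart.yaml: KOTS HelmChart custom resource (name and version are placeholders)
apiVersion: kots.io/v1beta1
kind: HelmChart
metadata:
  name: my-app
spec:
  chart:
    name: my-app
    chartVersion: 1.0.0
  # Before: a hard-coded namespace installs the release where kotsadm-tls does not exist.
  # namespace: my-dedicated-namespace
  # After: resolve to the namespace KOTS itself runs in (omitting the field also works).
  namespace: '{{repl Namespace }}'
---
# templates/ingress.yaml inside the chart (hypothetical): no metadata.namespace,
# so the object is created in the release namespace set above.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
spec:
  tls:
    - hosts:
        - app.example.com        # placeholder hostname
      secretName: kotsadm-tls    # secret created by the App Manager in its own namespace
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app     # placeholder service
                port:
                  number: 80
```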