gubernator-io / gubernator

High Performance Rate Limiting MicroService and Library - Developed at Mailgun
Apache License 2.0
102 stars 10 forks

daemon: hot reload tls config #36

Closed huikang closed 1 day ago

huikang commented 4 days ago

As I deploy gubernator with TLS and need to rotate the cert/key, which are generated by some secret management tool like Vault, I want the gubernator instance to reload the cert/key without being restarted.

This PR allows gubernator to hot-reload the TLS cert/key on receiving a SIGHUP signal. A KeypairReloader method is used to reload the cert/key and is assigned to GetCertificate.

Note that clientTLS is still statically assigned because GetCertificate is inapplicable to a TLS client.

example.conf is updated.

thrawn01 commented 4 days ago

This is VERY cool, thank you for making this PR! ✨

huikang commented 4 days ago

> This is VERY cool, thank you for making this PR! ✨

@thrawn01 , thanks for your quick feedback! I will look into the failed test cases and update the PR.

huikang commented 3 days ago

@Baliedge , is there any chance you can help review the PR? Happy to make any change if needed. Thanks.

thrawn01 commented 1 day ago

I'll release this with #35 once that is merged.