haproxytech / dataplaneapi

HAProxy Data Plane API
https://www.haproxy.com/documentation/dataplaneapi/
Apache License 2.0

Dynamic SSL Certificate Storage in HAProxy #309

Open fatchan opened 1 year ago

fatchan commented 1 year ago

Hi, when I add or remove an SSL certificate from HAProxy with dataplaneapi, it seems a reload is required for the changes to take effect.

However, in HAProxy 2.1 and 2.2, apparently SSL certificates can be updated and added/removed without requiring a reload: https://www.haproxy.com/blog/dynamic-ssl-certificate-storage-in-haproxy https://www.haproxy.com/blog/announcing-haproxy-2-2#dynamic-ssl-certificate-storage

Is it possible for this to be supported in dataplaneapi?

Edit: In the meantime, I have monkey-patched my forks of dataplaneapi and client-native to issue the necessary ssl cert and ssl crt-list commands during storage create and storage delete of ssl certificates. Then, I always set skip_reload=true or force_reload=false. This allows me to add/remove the certificates without a reload.

mjuraga commented 1 year ago

Hi @fatchan, we are working on a big rework of our certificate storage so that we can take full advantage of the runtime storage of HAProxy in the future, so it will be a feature in the next release.
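
The `ssl cert` and `ssl crt-list` runtime commands mentioned in the first comment, as an added example that is not code from this issue, dataplaneapi or client-native. It assumes HAProxy 2.2 or later with an admin-level stats socket; the function names and file paths are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"strings"
)

// addCertCommands builds the Runtime API commands that load a certificate into memory and attach it to a crt-list.
func addCertCommands(certPath, crtList, pem string) ([]string, error) {
	pem = strings.TrimSpace(strings.ReplaceAll(pem, "\r\n", "\n"))
	// A "<<" payload ends at the first empty line, so a bundle with a blank line would be cut short.
	if pem == "" || strings.Contains(pem, "\n\n") {
		return nil, fmt.Errorf("PEM is empty or contains a blank line")
	}
	// ';' separates commands on the socket, so each path must be a single token.
	if strings.ContainsAny(certPath+crtList, " \t\n;") {
		return nil, fmt.Errorf("path contains whitespace or ';'")
	}
	return []string{
		"new ssl cert " + certPath + "\n",
		"set ssl cert " + certPath + " <<\n" + pem + "\n\n",
		"commit ssl cert " + certPath + "\n",
		"add ssl crt-list " + crtList + " " + certPath + "\n",
	}, nil
}

// send writes one command to the stats socket (needs "level admin") and returns HAProxy's reply.
func send(socket, cmd string) (string, error) {
	conn, err := net.Dial("unix", socket)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err = io.WriteString(conn, cmd); err != nil {
		return "", err
	}
	reply, err := io.ReadAll(conn)
	return string(reply), err
}

func main() {
	// Dry run with a constructed placeholder PEM and assumed paths: prints the commands only.
	cmds, err := addCertCommands("/etc/haproxy/certs/site.pem", "/etc/haproxy/crt-list.txt",
		"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
	fmt.Println(strings.Join(cmds, ""), err)
}
```

Certificates added this way live only in HAProxy's memory, so the file on disk still has to be written for the change to survive the next restart or reload.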