hashicorp-cla
commented
1 year ago Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement
Learn more about why HashiCorp requires a CLA and what the CLA includes
temp seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
Have you signed the CLA already but the status is still pending? Recheck it.
Backport
This PR is auto-generated from #173 to be assessed for backporting due to the inclusion of the label backport/vault-1.11.x.
:rotating_light:
The person who merged in the original PR is: @benashz This person should manually cherry-pick the original PR into a new backport PR, and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Previously, it was possible for the http.Client's Transport to be missing the necessary root CAs to ensure that all TLS connections between the auth engine and the Kubernetes API were validated against a configured set of CA certificates.
This fix ensures that the http.Client's Transport is always consistent with the configured CA cert chain, by introducing a periodic TLS configuration checker that is started as part of the backend's initialization. The periodic checker provides a signal handler that will update the backend's TLS configuration on SIGHUP.
Other fixes:
Closes #169 #170
Overview of commits
- 6fb49ec37287fa54df8adbade90ed11013ad30a0