Closed ryanemerson closed 1 month ago
I see that that feature was added only in 15.1.0.Dev01, and that might be more recent than the 15.0.x branch we're using in our testing in the Keycloak Benchmark repository.
You're right @ahus1, ISPN-15916 was only added in 15.1.0.Dev01. However, more work is still required in order for us to support the automatic reloading of certificates in XSite deployments.
- spec.security.endpointEncryption.CertSecretName, result in a StatefulSet rolling update
- spec.security.endpointEncryption.ClientCertSecretName, result in a StatefulSet rolling update
- spec.Service.Sites.Local.Encryption.* have no effect and both the Infinispan and GossipRouter pods must be restarted.

- spec.security.endpointEncryption.CertSecretName, result in a StatefulSet rolling update
- spec.security.endpointEncryption.ClientCertSecretName, result in a StatefulSet rolling update
- spec.Service.Sites.Local.Encryption.TransportKeyStore and spec.Service.Sites.Local.Encryption.TransportTrustStore are automatically loaded at runtime on Secret update.
- spec.Service.Sites.Local.Encryption.RouterKeyStore Secret are ignored until the GossipRouter pods are restarted.
ISPN-15916 added Keystore reloading capabilities to the Infinispan server; however, updates to the cert secrets don't seem to have an impact on the server pods. This needs to be investigated and fixed either by changes to the server or operator code.