Watch TLS certificate change

[Som-Som-CC]

From time-to-time TLS certs change. There are various solutions to track changes:

• Have a cronjob, which performs Kubernetes (e.g. kubectl) rollout restart regularly, e.g weekly.
• Check fs change, e.g inotify, and exit process on change. That is highly problematic for ongoing transactions. Toying with readiness probe might help, but it is better avoiding that.
• Use tls.Config.GetCertificate, and use a watcher, such as sigs.k8s.io/controller-runtime/pkg/certwatcher. You may check Kong Ingress Controller code: https://github.com/Kong/kubernetes-ingress-controller/pull/2258/files

[Som-Som-CC]

I came across a cloud-native solution. Whenever the TLS Secret is updated, Realoader detects that and issues a rollout restart. Obviously, another, even more cloud-native approach is not dealing with TLS in the business logic, at all. But letting service mesh equipped with the latest and greatest technology doing that for us. Two great solution at hand, I think this issue can be closed.