Closed Som-Som-CC closed 2 years ago
I came across a cloud-native solution. Whenever the TLS Secret is updated, Reloader detects that and issues a rollout restart. Obviously, another, even more cloud-native approach is not dealing with TLS in the business logic at all, but letting a service mesh equipped with the latest and greatest technology do that for us. Two great solutions at hand; I think this issue can be closed.
From time to time, TLS certs change. There are various solutions to track changes:
tls.Config.GetCertificate, and use a watcher, such as sigs.k8s.io/controller-runtime/pkg/certwatcher. You may check the Kong Ingress Controller code: https://github.com/Kong/kubernetes-ingress-controller/pull/2258/files