Presently, the deployments for Linux and Docker renew the controller's leaf certs at startup by default. Clint suggests in this comment that they should also or instead renew the leaf certs at some interval.
If they did renew at an interval, it would be better than requiring a restart of the controller, especially if only one controller existed.
The best way to address this is by discussing how the controller should manage its certificates. That would be better than requiring every deployment to wrap and manage leaf cert renewal.