rancher / dynamiclistener

Apache License 2.0

Add ability to force cert regeneration #43

Closed briandowns closed 3 years ago

briandowns commented 3 years ago

Signed-off-by: Brian Downs <brian.downs@gmail.com>

brandond commented 3 years ago

@Oats87 I believe that I added logging to all cert signing operations a while back, so the call to l.factory.Renew(secret) should trigger an Info-level log message.

https://github.com/rancher/dynamiclistener/blob/6b37dc1212dad8b1810302d72a48b266d62b3f1c/factory/cert_utils.go#L106-L107

brandond commented 3 years ago

Just want to be clear in the terminology used here about regenerating certs vs renewing them. It is very important to Rancher that the cert is just renewed and not actually regenerated, as generating a new cert makes the browser suspicious and will break websockets.

briandowns commented 3 years ago

This operation would generate a new certificate needed for the certificate rotation work.