This change fixes an issue with how server.ListenAndServe loads certificates. It sets up a memory -> kubernetes -> memory Secret storage stack, which combined with lazy (on-demand) loading of certificate data, caused the certificate to not be properly renewed when it expired.
It also resolves a regression from #38 - while IPv6 addresses are no longer rejected by the CN regex, they cannot actually be stored in the CN annotation, as semicolons are not allowed in annotation keys. This also fixes handling of hostnames that are more than 41 characters long.
This change fixes an issue with how
server.ListenAndServe
loads certificates. It sets up a memory -> kubernetes -> memory Secret storage stack, which combined with lazy (on-demand) loading of certificate data, caused the certificate to not be properly renewed when it expired.It also resolves a regression from #38 - while IPv6 addresses are no longer rejected by the CN regex, they cannot actually be stored in the CN annotation, as semicolons are not allowed in annotation keys. This also fixes handling of hostnames that are more than 41 characters long.