New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kvstore/etcd: also reload keypair using trusted-ca-file #10754
Conversation
When we define the new `trusted-ca-file` attribute, etcd's `clientyaml.NewConfig` would set `cfg.TLS.RootCAs`, which shortcuts most of the (now deprecated) `newConfig` wrapper, and prevents us from hooking reloads with `TLS.GetClientCertificate`: ``` if cfg.TLS == nil || cfg.TLS.RootCAs != nil { return cfg, nil } ``` While at it, make it so the reload functionality survives newConfig removal. Signed-off-by: Benjamin Pineau <benjamin.pineau@datadoghq.com>
Please set the appropriate release note label. |
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @bpineau
Is there anything I can do for integration tests? failures seems unrelated to the PR. |
test-me-please |
I've re-trigger the tests. They might have been caused by a flake. |
restart-ginkgo Restarting as CI hit #10760. |
going to merge since it hit a known flake and flake is fixed on master. |
When we define the new
trusted-ca-file
attribute, etcd'sclientyaml.NewConfig
would setcfg.TLS.RootCAs
, whichshortcuts most of the (now deprecated)
newConfig
wrapper, andprevents us from hooking reloads with
TLS.GetClientCertificate
:While at it, make it so the reload functionality survives
newConfig removal.
Signed-off-by: Benjamin Pineau benjamin.pineau@datadoghq.com