-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support TLS certificate updates #442
Support TLS certificate updates #442
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: marquiz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
My testing is still fairly limited |
9f40d31
to
43ab6b8
Compare
ee2e92b
to
b64c233
Compare
How about re-using |
Thanks for the heads-up. We could try to move it there. But, I'm not sure if we want to block this by waiting for that to happen. WDYT? |
de151f8
to
efb41c5
Compare
Generalized the code a bit more.
Took a quick look and the code looks incomplete, flaky and buggy. Thus, I don't think I want to spend time on that atm. We could try to upstream our code, though 🤔 But that's a separate issue nevertheless |
My testing is still somewhat limited but seems to work for me |
efb41c5
to
bc17f91
Compare
Rebased. Change |
OK, I did not try |
If I read it correctly, fails on multiple corner cases, e.g. renames. Does not watch for ca cert. |
bc17f91
to
676eca7
Compare
Let's put this on hold until someone® verifies this with #379 |
676eca7
to
e916de7
Compare
e916de7
to
44980c7
Compare
#379 seems to be fine with this one |
Add the capability to watch multiple files. Move it to a separate package in order to make it reusable.
Add a helper/wrapper in pkg/utils to handle gRPC server-side certificate rotation.
Watch for changes in TLS files and re-connect to nfd-master in the event of changes.
44980c7
to
2d20a2f
Compare
Rebased. Moved |
/lgtm |
Leveraging some of the work done on worker config file watcher lately, implement filesystem watcher of TLS certificate files for nfd-master and nfd-worker.