Allow disabling auto-reload #155
| func NewManager(ctx context.Context, certFile, keyFile string, loadX509KeyPair LoadX509KeyPairFunc) (manager *Manager, err error) { | ||
| func NewManager(ctx context.Context, certFile, keyFile string, loadX509KeyPair LoadX509KeyPairFunc, opts ...func(*Manager)) (manager *Manager, err error) { |
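Review bot: The new trailing parameter opts ...func(*Manager) on NewManager is an anonymous function type, so nothing in the signature tells callers which options exist or what the default is. Consider a named type (for example type Option func(*Manager), a suggested name) and a doc comment on NewManager stating that with no options auto-reload stays enabled. Also note that the variadic addition keeps existing call sites compiling but still changes the function's type, so any code that assigns NewManager to a function-typed variable would stop compiling.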
I choose this option (instead of passing a disableAutoReload parameter) to ensure the API doesn't break. If this isn't an issue, we may want to pass a parameter instead.

@aead @harshavardhana I would like to go ahead with my

@aead @harshavardhana Can you review? We need this fix to allow the operator sidecars to reload all certificates when the

@harshavardhana Do you know anyone else who can review this PR? I would like to improve the auto-reloading of certificates in Kubernetes without restarting. I had to restart a customer's statefulset today again, because they added an external certificate and it wasn't picked up.

The current certs.Manager only allows reloading of existing certificates. These certificates are reloaded when the certificate file (on disk) is changed or when the manager receives SIGHUP.

For AIStor operator, we should also support adding new certificates. The sidecar will copy the certificates to the appropriate location and instruct MinIO to reload ALL certificates by sending SIGHUP. By disabling the auto-reload functionality in certs.Manager, reloading the certificates twice (and possible dangling Go-routines) will be prevented.

If certs.WithDisableAutoReload() is not added, then functionality is still the same.

This is required for https://github.com/miniohq/eos/pull/554.
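
The double reload described above, as an added example that is not code from this PR or from the certs package: a small model of a manager with a functional option that turns the file watcher off. The lowercase names, the error-only loader and the file names are assumptions made for illustration, and SIGHUP is modelled as explicit reload calls over every pair on disk.

```go
package main

import "fmt"

// manager models the behaviour in the PR text; it is not the certs package.
type manager struct {
	autoReload bool
	load       func(certFile, keyFile string) error // stand-in for the key-pair loader
	known      map[string]bool                      // certificates already loaded
}

func withDisableAutoReload() func(*manager) { return func(m *manager) { m.autoReload = false } }

func newManager(load func(certFile, keyFile string) error, opts ...func(*manager)) *manager {
	m := &manager{autoReload: true, load: load, known: map[string]bool{}}
	for _, opt := range opts {
		opt(m)
	}
	return m
}

func (m *manager) reload(cert, key string) {
	if m.load(cert, key) == nil { // on error the previous certificate stays in use
		m.known[cert] = true
	}
}

// onFileChange models the watcher: only already-loaded certificates reload.
func (m *manager) onFileChange(cert, key string) {
	if m.autoReload && m.known[cert] {
		m.reload(cert, key)
	}
}

// sidecarUpdate replays: rewrite public.crt, add external.crt, then SIGHUP.
func sidecarUpdate(opts ...func(*manager)) map[string]int {
	loads := map[string]int{} // loads per file after startup (constructed names)
	m := newManager(func(cert, _ string) error { loads[cert]++; return nil }, opts...)
	m.reload("public.crt", "private.key") // startup load
	delete(loads, "public.crt")           // count only what follows
	m.onFileChange("public.crt", "private.key")    // watcher sees the rewrite
	m.onFileChange("external.crt", "external.key") // new file: watcher ignores it
	m.reload("public.crt", "private.key")          // SIGHUP: reload every pair on disk
	m.reload("external.crt", "external.key")
	return loads
}

func main() { fmt.Println(sidecarUpdate(), sidecarUpdate(withDisableAutoReload())) }
```

With the default, the existing certificate is loaded twice for one sidecar update; with the option, each file is loaded once and the new certificate still arrives through the SIGHUP path.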