-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reload provider file configuration on SIGHUP #9993
Conversation
4d30183
to
02d59e0
Compare
This comment was marked as off-topic.
This comment was marked as off-topic.
Hello @sokoide, Thanks for this contribution! I'll speak only on my behalf and it would be better to wait for other maintainers' opinions before making any changes, but I have a suggestion. In my opinion, the way you managed to access the This PR is focused on the file provider but it seems to me that it could be a good thing to have a global reload method exposed by the |
Hello @sokoide, Would you like some help to work on the PR? |
@nmengin , thank you for the message! @sandy2008 and I will start looking at it early next week and get back. |
a693428
to
b5daf09
Compare
b36f43c
to
231488c
Compare
@nmengin, @sandy2008 and I implemented the |
@nmengin Hi! Would you mind take a look at this PR? |
Hello @nmengin, the unit test failure in the actions is also reproducible in the latet
|
Hi @nmengin! Thank you for your feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👏
Thank you @sokoide @sandy2008.
It works as expected and it will help lots of people dealing with the file provider 👍
Co-Authored-By: sandy2008 <Yuxuan.Chen@morganstanley.com>
Hello @sokoide, @sandy2008, After more thought, the current implementation, using an interface to address the use case globally, doesn't seem adapted. Indeed, because of our providers' implementation, the With the other maintainers, we want your PR embedded in the incoming v3.0 RC. If the suggestion looks good to you, we'll merge it. |
@nmengin , sounds great :). Thank you very much! |
Hello @sokoide, @sandy2008 As mentioned above, we have added a commit to move the logic into the File provider. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I add the label |
@nmengin , thank you. I'm testing this scenario. Please give me one more day.
|
@nmengin, @rtribotte, I tested and confirmed both clientauth (mTLS) and server TLS (DNS validation for client) were fine. LGTM :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
What does this PR do?
The patch is to reload a file config on SIGHUP.
Fixes #1188
Related to #3083
Motivation
If you 'touch' the file config, Traefik reloads it automatically. However, if it's created from a configmap in K8s, the file is read-only and can't touch it.
If cert files specified by the file config is updated by a cert agent (e.g. renewed to extend expiration date), we'd like the cert agent to force reload it.
More
Additional Notes
The change is,
watcher.ReloadFileConfig()
watcher.ReloadFileConfig()
gets a pointer of file provider from theproviderAggregator
and callsfileProficer.BuildConfiguration
to get a configurationConfigurationWatcher.allProvidersConfigs
channel