Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document how API service pods can use config/secret reloaders to track cert rotation #185

Open
kd7lxl opened this issue Feb 23, 2021 · 1 comment
Open

Document how API service pods can use config/secret reloaders to track cert rotation #185

kd7lxl opened this issue Feb 23, 2021 · 1 comment

Comments

@kd7lxl
Copy link
Contributor

kd7lxl commented Feb 23, 2021
edited
Loading

Konk uses certificate manager to sign relatively short lifespan certificates. After certificates are automatically rotated, the api service using them needs to begin using the new cert value. For cases where the service itself cannot do this itself, there is a common pattern in Kubernetes that uses a config reloader sidecar. This is a common use case and should be described in konk documentation.
@kd7lxl
Copy link
Contributor Author

kd7lxl commented May 17, 2021

Since dynamic reload of certs is supported by the Kubernetes SDK, using another type of reloader is an edge case. We expect most users will use the SDK. Documenting how to not use the SDK is a low priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kd7lxl