Describe the solution you'd like
Having spent some time working on an ExternalData Provider in the past, one thing that I spent some time on was working on hot reloading of certificates when they expire / are refreshed. From what I can tell it seems as though this would require the provider to be restarted.
Making sure that in the case of any of the certificates (provider's tls.crt/tls.key, gatekeeper's ca.crt) that the new certificates are loaded in would be a nice addition in my opinion 😄.
Some of this is mentioned in the GitHub issue here.
Anything else you would like to add:
I plan on completing some in-progress work to refresh the cosign gatekeeper provider. It might be a good goal to try to standardise the code wherever possible for ease of future contribution? Just an idea.
I have spent some time this morning writing some code to efficiently handle the cert / key pair hot-reloading. It's looking good but I need to test it and I also need to figure out a way of handling the refreshing of the gatekeeper CA cert.
When I have completed it for the cosign gatekeeper provider rewrite I will raise it in a WIP PR for this repo 😄.