Watch TLS certificate and key files #9718
Comments
|
The official chart does offer hot reload for config map or secret changes via https://github.com/fluent/helm-charts/blob/f9cad1572a0a3f6bcf0cb2582023ece2d76e34af/charts/fluent-bit/values.yaml#L513-L516 I think this should do what you require? |
|
Hey @patrick-stephens thanks for your input, but I am not sure if that will help, because the reloader does watch the original config map only, we do provide an additional one via And the reloader does watch the config only, not the referenced tls secret where a change will happen. I will try it out but I am pretty sure it will not work. |
|
If it doesn't I'm sure it can be easily customised via a PR though to add the extra parameters required |
Is your feature request related to a problem? Please describe.
We do run
fluent-bitto export our logs to a opensearch driven logging instance. The output does authenticate via TLS certificates. We do rotate these certificates on a daily basis, but fluent-bit does not reload the mounted secret and I do not see an option to configure that.Describe the solution you'd like
A configuration option to configure fluent-bit to watch the tls secret mount point, or a interval based approach to define a reload interval (e.g. 30m)
Additional context
Currently the only option I do see is creating a CronJob in k8s calling the http hot reload api, yet not tested it.
The text was updated successfully, but these errors were encountered: