-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KEDA components don't reload certificates #5055
Comments
Is using push notifications from the operator to notify other servers to reload certificates a good solution? |
I think that just a watch on the file is a better option, because the operator doesn't manage the certificates always. I mean, if certificates are managed externally, I'd like to reload them when there are changes on the file system (IIRC, mounted secrets are updated when the secret changes).
Maybe I'm missing something, what do you thing @zroubalik ? |
I agree, that using a file watch is the best solution. I think that there's already existing functionality for that in Metrics Server library. Not 100% at the moment. |
Great! using a file watch is the better one. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
Report
Currently, we have some processes relying on generated certificates, such as the metrics server and the communication channel between MS and the operator. If the certificate changes, we must ensure that it's reloaded in all the components. For example, if a user switch from operator-managed certificate to cert-manager, the metrics server won't be restarted because there are no changes on it, but the exposed certificate by the operator has changed.
This can applies also on CA rotation, etc
The text was updated successfully, but these errors were encountered: