There is no way to do an 'atomic' certificate update if I do deis certs:remove tld.com && deis certs:add tld.crt tld.key. The cert is changed on the routers' disk but nginx isn't restarted. It's required to have a few minutes' pause between each command or do some strange workarounds (restart routers by hand or add/remove certs for other apps where downtime is acceptable, then configuration is reloaded as one).
I'm not sure which component should be modified to achieve this. Can the controller instrument routers (request a certificate refresh)?
Possibly the controller could be modified to publish an additional etcd key corresponding to each cert. The value of that key could be a hash or fingerprint of the cert. This would be updated as certs are added/modified. On the router side, where the cert is used in the nginx config, the value of that etcd key could be included (using confd as usual) as a comment. The overall effect would be that when a cert is updated, a corresponding change to the nginx config also happens automatically, which would also trigger confd to reload nginx config.
From @deis-admin on January 19, 2017 23:40
From @szymonpk on September 29, 2015 11:29
Copied from original issue: deis/deis#4544
Copied from original issue: deis/controller#1223
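The fingerprint-comment proposal above, sketched as an added example (not code from Deis or confd): a SHA-256 fingerprint of the certificate is rendered into the nginx config as a comment, so replacing the cert changes the rendered file, which is the condition under which confd reloads nginx. The template, the /path/to/certs placeholder paths and the function names are assumptions, and the PEM bodies are constructed rather than real certificates.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/pem"
	"fmt"
	"text/template"
)

// Constructed stand-in for the router's nginx template; paths are placeholders.
var tmpl = template.Must(template.New("server").Parse(`server {
    server_name {{.Domain}};
    # cert-fingerprint: {{.Fingerprint}}
    ssl_certificate /path/to/certs/{{.Domain}}.cert;
}
`))

// Fingerprint hashes the certificate's DER bytes only, so nothing derived from the private key is published.
func Fingerprint(certPEM []byte) (string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE block found")
	}
	return fmt.Sprintf("%x", sha256.Sum256(block.Bytes)), nil
}

// Render fills the template the way confd would from the per-cert etcd value.
func Render(domain, fp string) (string, error) {
	var buf bytes.Buffer
	err := tmpl.Execute(&buf, map[string]string{"Domain": domain, "Fingerprint": fp})
	return buf.String(), err
}

// NeedsReload models confd's rule: reload only if the rendered file changed.
func NeedsReload(onDisk, staged string) bool { return onDisk != staged }

// samplePEM builds a constructed PEM block; the body is not a real certificate.
func samplePEM(body string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte(body)})
}

func main() {
	a, _ := Fingerprint(samplePEM("constructed-cert-A"))
	b, _ := Fingerprint(samplePEM("constructed-cert-B"))
	oldCfg, _ := Render("tld.com", a)
	newCfg, _ := Render("tld.com", b)
	fmt.Println("reload after cert swap:", NeedsReload(oldCfg, newCfg))
}
```

Because the file paths in the config stay the same across a cert swap, the fingerprint comment is the only line that differs between the two renders.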