Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider adding WatchConfig and automatic reload for CA secrets #310

Open
2 tasks done
jansobczak opened this issue Jan 25, 2024 · 1 comment
Open
2 tasks done

Consider adding WatchConfig and automatic reload for CA secrets #310

jansobczak opened this issue Jan 25, 2024 · 1 comment
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.

Comments

@jansobczak
Copy link

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

When using cert-manager as CA provider for webhook in line

vault-secrets-webhook/main.go

Line 175 in 5c5715a

tlsCertFile := viper.GetString("tls_cert_file")

this CA is read but when CA rotates this require a rollout of the webhook deployment

Proposed Solution

Use the WatchConfig() in viper library to detect change in the file and reload vault-secrets-webhook

Alternatives Considered

No response

Additional Information

No response
@jansobczak jansobczak added the kind/enhancement Categorizes issue or PR as related to an improvement. label Jan 25, 2024
@jansobczak jansobczak changed the title Consider adding WatchConfig and automatic reload for CA Consider adding WatchConfig and automatic reload for CA secrets Jan 25, 2024
@ramizpolic
Copy link
Member

Thanks for raising this @jansobczak! If you have some time to assist on this, would be quite helpful. Let us know so we can plan ahead.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Mar 31, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Mar 31, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 2, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 2, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 2, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 2, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Aug 4, 2024
@csatib02 csatib02 added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Aug 4, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Aug 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.
Projects
Project backlog
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jansobczak @ramizpolic @csatib02