  1. AMQ Broker
  2. ENTMQBR-9560

SslAutoReload not working in kubernetes environment


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major

      The secret containing the keystore is mounted as a symlink in the Kubernetes pod:

      drwxr-sr-x 2 root 1001  140 Oct 16 14:12 ..2024_10_16_14_12_19.2285581092
      lrwxrwxrwx 1 root 1001   32 Oct 16 14:12 ..data -> ..2024_10_16_14_12_19.2285581092
      lrwxrwxrwx 1 root 1001   13 Oct 16 13:43 ca.crt -> ..data/ca.crt
      lrwxrwxrwx 1 root 1001   19 Oct 16 13:43 keystore.jks -> ..data/keystore.jks
      lrwxrwxrwx 1 root 1001   14 Oct 16 13:43 tls.crt -> ..data/tls.crt
      lrwxrwxrwx 1 root 1001   14 Oct 16 13:43 tls.key -> ..data/tls.key
      lrwxrwxrwx 1 root 1001   21 Oct 16 13:43 truststore.jks -> ..data/truststore.jks 

      The WebServerComponent starts some tasks that detect the file changes and should reload the SslContextFactory if the keystore or the truststore changes.

      The scanner which is used to detect the file changes reports the path of the changed files as real paths (resolved symlinks).

      The WebServerComponent on the other hand stores the reload task under the symlink path.

      So we have a mismatch between the two paths:

      • Scanner path: /amq/extra/secrets/my-cert-secret/..2024_10_16_14_35_54.563918461/keystore.jks
      • Task path: /amq/extra/secrets/my-cert-secret/keystore.jks

       

      Maybe it would be sufficient to initialize the scanner without realPath reporting.
       
      scanner = new Scanner(scannerScheduler, false);

              dbruscin Domenico Francesco Bruscino
              rh-messaging-ci Messaging CI
              Michal Toth Michal Toth
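The path mismatch in this report can be reproduced outside the broker. The Java program below is an added example, not AMQ Broker code: it rebuilds the `..data` symlink layout in a temporary directory, simulates a secret update, and shows that a path-equality lookup on the scanner-style real path misses the registered symlink path, while a file-identity comparison (a generalization beyond the fix proposed in the report) still matches. The class name, the helpers `publish` and `findRegistered`, and the directory contents are assumptions made for the illustration; it needs a filesystem that supports symlinks.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Added illustration: class, method and directory names are constructed for this example.
public class SymlinkReloadMismatch {

    // Match a scanner-reported path against registered paths by file identity,
    // resolving symlinks at event time instead of comparing path strings.
    static Optional<Path> findRegistered(Set<Path> registered, Path reported) throws IOException {
        for (Path p : registered) {
            if (Files.exists(p) && Files.isSameFile(p, reported)) {
                return Optional.of(p);
            }
        }
        return Optional.empty();
    }

    // Point ..data at a new versioned directory: create the symlink under a
    // temporary name, then rename it over ..data so the switch is a single step.
    static void publish(Path mount, String version) throws IOException {
        Path dir = Files.createDirectory(mount.resolve(version));
        Files.write(dir.resolve("keystore.jks"), version.getBytes());
        Path tmp = Files.createSymbolicLink(mount.resolve("..data_tmp"), dir.getFileName());
        Files.move(tmp, mount.resolve("..data"), StandardCopyOption.ATOMIC_MOVE);
    }

    public static void main(String[] args) throws IOException {
        Path mount = Files.createTempDirectory("my-cert-secret");
        publish(mount, "..2024_10_16_14_12_19.2285581092");

        // The path a reload task would be registered under: the stable symlink.
        Path configured = Files.createSymbolicLink(
                mount.resolve("keystore.jks"), Paths.get("..data", "keystore.jks"));
        Set<Path> registered = Set.of(configured);

        // Simulated secret update, then the path a real-path scanner would report.
        publish(mount, "..2024_10_16_14_35_54.563918461");
        Path reported = configured.toRealPath();

        System.out.println("configured: " + configured);
        System.out.println("reported:   " + reported);
        System.out.println("equals lookup:     " + registered.contains(reported));
        System.out.println("isSameFile lookup: " + findRegistered(registered, reported).isPresent());
    }
}
```

Resolving the registered path once at startup and using that as the key would not help either, because the versioned directory name changes on every update of the secret.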