Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-684

Watch TLS certs & reload

XMLWordPrintable

    • False
    • None
    • False
    • Hide
      Previously, when using TLS, the console plug-in, agent, and flowlogs-pipeline got certificates from a mounted config map or secret. If a certificates were replaced, the mounted value inside the pods was not updated, forcing the pods to continue using the old certificates. As a consequence, the console plug-in, agent, or flowlogs-pipeline could lose connectivity to services such as Loki or Kafka.
      With this patch, the certificates content are watched, so a change triggers restarting the pods that mounted those certificates, with new volumes configured. As a result, connectivity to Loki or Kafka is automatically restored.
      Show
      Previously, when using TLS, the console plug-in, agent, and flowlogs-pipeline got certificates from a mounted config map or secret. If a certificates were replaced, the mounted value inside the pods was not updated, forcing the pods to continue using the old certificates. As a consequence, the console plug-in, agent, or flowlogs-pipeline could lose connectivity to services such as Loki or Kafka. With this patch, the certificates content are watched, so a change triggers restarting the pods that mounted those certificates, with new volumes configured. As a result, connectivity to Loki or Kafka is automatically restored.
    • Known Issue
    • Done
    • NetObserv - Sprint 228, NetObserv - Sprint 229, NetObserv - Sprint 230, NetObserv - Sprint 231

      Currently, TLS certificates are not reloaded when updated outside of NOO.

      Whe should use a watcher (as same as in https://github.com/netobserv/network-observability-operator/pull/172) to check these changes and reload the associated components:

      • console plugin (loki cert)
      • agent (kafka cert)
      • FLP (loki / kafka cert)

              jtakvori Joel Takvorian
              jpinsonn@redhat.com Julien Pinsonneau
              Amogh Rameshappa Devapura Amogh Rameshappa Devapura
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: