Does etcd support automatic/dynamic server certificate reload? #15444
Hi @ahrtr, But when I checked etcd 3pp source code, area around change is done, it looks like only peer/client certificates reloading happens dynamically. So my question is: does etcd support dynamic certificate reloading of server certificates? Thanks,
Replies: 3 comments
Hi @ahrtr, Thanks
Yes, etcd supports dynamically reloading certificates. Each time etcdserver receives a new connection, it reloads the certificate automatically via `GetCertificate`, but this will not affect ongoing client connections/requests. For example,
Note that we can improve the certificate reloading process a little bit. It doesn't make sense to reload the certificate each time a connection is received, even if there is no change to the files. Instead, a better way is to reload the certificate files on receiving a SIGHUP signal.
Yes, etcd supports dynamically reloading certificates. Each time etcdserver receives a new connection, it reloads the certificate automatically via `GetCertificate`, but this will not affect ongoing client connections/requests.
For example,
`--cert-file`) or key (`--key-file`); `context deadline exceeded` error.