Watch certificate and restart
In the cordite project we use Braid, usually with letsencrypt certs that need updating every three months, in practice more often. The TLS certs are currently presented as secrets that we update when we renew.
It would be amazing if we didn't have to bounce the node to pick this up.
I think there are a few things we'd have to check here (I'll help).
If we update a secret, does a running pod see the old or new cert? If the answer is the old one, we need a rethink. If the answer is that it can see the new version of the certs, then it would be good if braid could keep an eye on the cert and use the new cert somehow.
I guess we need to be careful about how to do this. E.g. instant bounce? Timed bounce? Some config? Can we honour existing connections/state/websockets?
Anyway, declaratively, can we have a think about how not to have to bounce braid if certs are updated in some way?
Thanks :-)