Skip to content

add functionality to re-read config file, certificate #2274

@andras-babos

Description

@andras-babos

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

We use dex with tls certificates which needs to be expired and rotated every 60 days. After we replace the tls certificates on disk (in kubernetes secret), the dex still presenting the old cert and eventually will present the service with expired cert.
Our current method is to manually restart the application before the 60 days expiration time.
As we use cert-manager.io to automatically renew the tls certificates it would be great if dex itself can detect the changed config files and use the new certs without full application restart.

Proposed Solution

Please include a feature in dex to detect changes in certificates or config files in general and apply the related changes without manual restart.

Alternatives Considered

Currently we restart the application with external methods (script, cronjob, modify kubernetes deployment, etc.) so we have workaround but it's not ideal.

Additional Information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions