-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for an issue that matches the one I want to file, without success.
Problem Description
We use dex with tls certificates which needs to be expired and rotated every 60 days. After we replace the tls certificates on disk (in kubernetes secret), the dex still presenting the old cert and eventually will present the service with expired cert.
Our current method is to manually restart the application before the 60 days expiration time.
As we use cert-manager.io to automatically renew the tls certificates it would be great if dex itself can detect the changed config files and use the new certs without full application restart.
Proposed Solution
Please include a feature in dex to detect changes in certificates or config files in general and apply the related changes without manual restart.
Alternatives Considered
Currently we restart the application with external methods (script, cronjob, modify kubernetes deployment, etc.) so we have workaround but it's not ideal.
Additional Information
No response