ratelimit icon indicating copy to clipboard operation
ratelimit copied to clipboard
verified publisher icon envoyproxy

Add CertProvider to hot reload TLS certs for gRPC service

Open jayme-github opened this issue 1 year ago • 3 comments

This implements a goruntime instance to watch for on disk changes of gRPC certificates.

Certificates will be reloaded in case of change and the gRPC service will always fetch the latest one via GetCertificate on new connections instead of the static Certificates slice.

jayme-github avatar May 16 '24 07:05 jayme-github

Can you add documentation for this change and optimally some kind of test?

I've added documentation for it. Regarding tests I'm a bit unsure. I could write tests for CertProvider which would need to heavily mock the goruntime parts or tests them as well (which I don't think is desired). What would you suggest to write tests for here?

jayme-github avatar Jun 17 '24 12:06 jayme-github

What would you suggest to write tests for here?

In a perfect world some kind of integration test.

mattklein123 avatar Jun 17 '24 14:06 mattklein123

What would you suggest to write tests for here?

In a perfect world some kind of integration test.

Done. Hope this looks like something you would expect.

jayme-github avatar Jun 24 '24 15:06 jayme-github

@mattklein123 would you mind taking a look again please?

jayme-github avatar Jul 19 '24 15:07 jayme-github