Comments (4)
@wallyqs does this mean that as of today, if we update the TLS certs, NATS won't pick up on those changes?
from k8s.
@wallyqs does this mean that as of today, if we update the TLS certs, NATS won't pick up on those changes?
AFAIK, any changes in secret
resource isn't applied into a deployed POD unlike a "configmap".
i.e) If there is any change in configmap, it's applied into a deployed POD and reloader container will catch this changes but any changes for secret resource, it isn't applied into POD. So reloader can't catch this configuration changes.
I guess it's very helpful for zero downtime on updating a TLS cert.
@wallyqs
Could you share a plan to backport this feature as you mentioned?
from k8s.
That's right, to fix this need to mount the secrets that could change into the container from the reloader here: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/templates/statefulset.yaml#L456-L462
Then pass the --config
flag for each one of the secrets that need to be monitored for changes to reload the server.
from k8s.
That's right, to fix this need to mount the secrets that could change into the container from the reloader here: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/templates/statefulset.yaml#L456-L462 Then pass the
--config
flag for each one of the secrets that need to be monitored for changes to reload the server.
Thanks. It works well 👍
from k8s.
Related Issues (20)
- Allow annotation to be added to service via nats helm chart values.yaml HOT 1
- Prom-Exporter container failing : [ERR] Could not find server_id: invalid character 'C' looking for beginning of value HOT 5
- Nats installation on a fresh K8s cluster errors : no matches for kind "PodMonitor" HOT 1
- LB indefinitely stuck in Pending state , when using loadBalancerIP HOT 2
- helm charts v1.0.0 nukes image pull secrets HOT 6
- [nats helm] Global Image Pull Secrets
- Jetstream issue with fileStore disabled. HOT 4
- Re-add nodeSelector to helm chart HOT 1
- NATS Chart Probes not Using HTTPS when Monitor TLS is Enabled HOT 1
- No way to pass nodeSelector or Pod affinity to nats helm chart HOT 1
- Templatize apiVersion and Kind of nats/pod-monitor for GKE compatibility HOT 1
- Upgrading from 0.x to 1.0 according to docs does not work HOT 1
- Prometheus discovery annotations not set on NATS (JetStream) deployment HOT 4
- Support `mappings` in nats config HOT 3
- [nats helm chart] Changing the configuration resource from ConfigMap to Secret due to sensitive authorization data. HOT 2
- Dependabot Failing HOT 1
- Can not enable JetStream + Cluster when using Helm-Chart HOT 11
- volumeClaimTemplates can't sync with argocd HOT 2
- Security vulnerability in natsio/nats-server-config-reloader:0.14.0 image HOT 1
- Make pid file and config file defaults for nats helm chart and for the natsio/nats-server-config-reloader image match HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s.