Dynamic secrets/certificate rotation #553
Labels
area/control-plane
General control plane issues
enhancement
New feature or request
refined
Requirements are refined and the issue is ready to be implemented.
pleshakov added area/nginx-configuration, area/control-plane, bug, enhancement and removed area/nginx-configuration, bug labels Apr 7, 2023
Closed
mpstefan added the refined label Jun 5, 2023
pleshakov added a commit to pleshakov/nginx-gateway-fabric that referenced this issue Jun 16, 2023

Problem: Watch for secret updates
Solves nginx#553
Solution: Watch for secret updates
pleshakov added a commit to pleshakov/nginx-gateway-fabric that referenced this issue Jul 7, 2023

Problem: NKG doesn't watch for updates of TLS Secrets referenced by Gateway resource.

Solution:
- Move secrets processing into ChangeProcessor.
- Introduce helper secretResolver component to resolve Secrets (includes validation) and capture resolved Secrets.
- When building Gateway Listener, resolve Secrets using secretResolver.
- When building Graph, add referenced Secrets by Gateway to the Graph, including the ones that don't exist.
- When Upserting or Deleting a Secret to ChangeProcessor, use Graph to determine if the Secret is referenced by the Graph and thus changes the store.
- When building Configuration, add all TLS Secrets to it referenced by _valid_ TLS Listeners.
- Update NGINX file.Manager so that it can deal with multiple files of two types: regular and secret.
- Remove SecretStore and SecretDiskMemoryManager components.

Solves nginx#553
Solves nginx#441

Testing:
- Update affected and add new unit tests
- Manual testing
- Conformance testing. Relevant tests pass: TestConformance/GatewayInvalidTLSConfiguration
pleshakov added a commit that referenced this issue Jul 7, 2023

Problem: NKG doesn't watch for updates of TLS Secrets referenced by Gateway resource.

Solution:
- Move secrets processing into ChangeProcessor.
- Introduce helper secretResolver component to resolve Secrets (includes validation) and capture resolved Secrets.
- When building Gateway Listener, resolve Secrets using secretResolver.
- When building Graph, add referenced Secrets by Gateway to the Graph, including the ones that don't exist.
- When Upserting or Deleting a Secret to ChangeProcessor, use Graph to determine if the Secret is referenced by the Graph and thus changes the store.
- When building Configuration, add all TLS Secrets to it referenced by _valid_ TLS Listeners.
- Update NGINX file.Manager so that it can deal with multiple files of two types: regular and secret.
- Remove SecretStore and SecretDiskMemoryManager components.

Solves #553
Solves #441

Testing:
- Update affected and add new unit tests
- Manual testing
- Conformance testing. Relevant tests pass: TestConformance/GatewayInvalidTLSConfiguration
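
The reference check described in the commit message above, sketched as an added Go example; it is not code from the nginx-gateway-fabric repository. All type and method names are hypothetical, the sample Secret names are constructed, and comparing Secret contents before flagging a change is an assumption of this sketch.

```go
package main

import "fmt"

// Hypothetical names throughout; these are not the project's types.
type SecretKey struct{ Namespace, Name string }
type Secret struct{ Cert, Key string }

// Processor stores every Secret it sees plus the set of Secrets referenced by
// Gateway listeners, including references to Secrets that do not exist yet.
type Processor struct {
	store      map[SecretKey]Secret
	referenced map[SecretKey]bool
	changed    bool
}

func NewProcessor(referenced map[SecretKey]bool) *Processor {
	return &Processor{store: map[SecretKey]Secret{}, referenced: referenced}
}

// Upsert always updates the store; only a changed, referenced Secret triggers a rebuild.
func (p *Processor) Upsert(k SecretKey, s Secret) {
	if old, ok := p.store[k]; p.referenced[k] && (!ok || old != s) {
		p.changed = true
	}
	p.store[k] = s
}

// Delete matters only if the Secret existed and a listener references it.
func (p *Processor) Delete(k SecretKey) {
	if _, ok := p.store[k]; ok && p.referenced[k] {
		p.changed = true
	}
	delete(p.store, k)
}

// Process reports whether a rebuild is needed and resets the flag.
func (p *Processor) Process() (rebuild bool) {
	rebuild, p.changed = p.changed, false
	return
}

func main() {
	tls := SecretKey{"default", "gateway-tls"} // constructed sample reference
	p := NewProcessor(map[SecretKey]bool{tls: true})
	p.Upsert(SecretKey{"default", "unrelated"}, Secret{"c", "k"})
	fmt.Println("unreferenced upsert:", p.Process())
	p.Upsert(tls, Secret{"cert-v1", "key-v1"})
	fmt.Println("referenced upsert:", p.Process())
}
```

Because the reference is recorded before the Secret exists, creating the missing Secret later is treated as a relevant change, and a certificate rotation (same key, new contents) triggers exactly one rebuild.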
As a user of NKG
I want NKG to update my configuration when I update my secrets
So that I do not need to redeploy my Gateway to update my certificates.
Acceptance Criteria