bootstrap: support for Envoy xDS certificate rotation #2333
Commits on May 14, 2020
-
bootstrap: support for Envoy xDS certificate rotation
Added new flag --resources-dir to bootstrap command for supporting path-based SDS resources to define xDS certificate and key. When using the flag, following changes take place: - Bootstrap file will contain references to SDS resource files instead of direct cert/key paths. - SDS resource file is written into resources dir for xDS client cert and key - SDS resource file is written into resources dir for xDS trusted CA cert With this change there is no need to restart Envoy anymore when certificates are rotated. Envoy will monitor and automatically reload the certificate and key files without causing an interruption to traffic. Any recent version of Envoy supports the above configuration, but Envoy 1.14.1 or later is required for automatic certificate reload. Signed-off-by: Tero Saarni <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.