Adding reloading of TLS certificates #2656

Merged
merged 7 commits into from
Nov 14, 2022

camillsir
Contributor

@camillsir camillsir commented Nov 10, 2022

Adding reloading of TLS certificates without restarting the application. Tested both http and https with this change. I didn't see a way to pass in a logger so I omitted all logging steps.

This is needed as I have a use case that uses cert-manager to generate Let's Encrypt TLS certificates. These certificates have a short lifetime and need to be rotated while the application is running.

Closes #2658

@camillsir camillsir requested a review from a team as a code owner November 10, 2022 01:03
@nitrocode
Member

@camillsir please fix tests

WARN [runner] The linter 'interfacer' is deprecated (since v1.38.0) due to: The repository of the linter has been archived by the owner.  
server/server.go:895:16: G402: TLS MinVersion too low. (gosec)
	tlsConfig := &tls.Config{GetCertificate: s.GetSSLCertificate}
	              ^
make: *** [Makefile:68: check-lint] Error 1

Exited with code exit status 2

@jamengual jamengual added the waiting-on-review Waiting for a review from a maintainer label Nov 10, 2022
@nitrocode
Member

cc: @lkysow @chenrui333 @jamengual please review to get a second set of eyes

@nitrocode nitrocode merged commit 9b90f2e into runatlantis:main Nov 14, 2022
@nitrocode
Member

Thank you @camillsir !

krrrr38 pushed a commit to krrrr38/atlantis that referenced this pull request Dec 16, 2022
* Adding reloading of TLS certificates

* Update server/server.go

Co-authored-by: nitrocode <[email protected]>

* Adding test and test data

* Set minimum tls version

* Adding read header timeout

Co-authored-by: nitrocode <[email protected]>
@nitrocode nitrocode added this to the 0.21.0 milestone Jan 13, 2023
Development

Successfully merging this pull request may close these issues.

Support hot reloading of TLS certificates