Description
Subject of the issue
I have installed 'autocert' through the helm chart, which works very well. (Thank you to the community)
I am then providing these certificates to my other k8s services such as code-server or Elastic Kibana so they can have the TLS support. I know that the maximum duration of the certificate is 24h and the renewer is renewing them, however, how can I let those services pick up the new certificate instead of the old one?
Unless I restart the pod, they are still using the old certificate, i.e expired.
For an alternative solution, I also tried to adjust the duration of the certificate to one year by following this issue, but somehow the certificates are not being injected by the admission webhook.
Environment
- Kubernetes version:
rke2 version v1.22.9+rke2r2 (d7c26a45b92cf3f76c063e93f8c6448fde7b2456) go version go1.16.14b7 - Cloud provider or hardware configuration:
AWS EC2 - OS (e.g., from /etc/os-release):
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
* Kernel (e.g., `uname -a`):
Linux ip-172-32-74-108 5.13.0-1023-aws #25~20.04.1-Ubuntu SMP Mon Apr 25 19:28:27 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
* Install tools:
lens (Kube IDE), helm chart, autocert
* Other:
Steps to reproduce
Tell us how to reproduce this issue
Expected behaviour
Tell us what should happen
Actual behaviour
Tell us what happens instead
Additional context
Add any other context about the problem here