CFE-986: Reload router when defaultDestinationCA is updated
bharath-b-rh committed Nov 20, 2023
1 parent fb70ac4 commit 70e170d
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions pkg/router/template/router.go
Expand Up @@ -281,6 +281,9 @@ func newTemplateRouter(cfg templateRouterCfg) (*templateRouter, error) {
if err := router.watchMutualTLSCert(); err != nil {
return nil, err
}
if err := router.watchCABundleCert(); err != nil {
return nil, err
}
if router.dynamicConfigManager != nil {
log.V(0).Info("initializing dynamic config manager ... ")
router.dynamicConfigManager.Initialize(router, router.defaultCertificatePath)
Expand Down Expand Up @@ -1489,3 +1492,24 @@ func privateKeysFromPEM(pemCerts []byte) ([]byte, error) {
}
return buf.Bytes(), nil
}

// watchCABundleCert watches the directory containing the CA bundle certificate
// and reloads the router if the directory contents change.
func (r *templateRouter) watchCABundleCert() error {
caBundleDir := filepath.Dir(r.defaultDestinationCAPath)

reloadFn := func() {
if err := r.reloadRouter(false); err != nil {
log.V(0).Error(err, "failed to reload router after detecting changes in CA bundle certificate directory")
return
}
log.V(0).Info("router was reloaded after detecting changes in CA bundle certificate directory")
}

if err := r.watchVolumeMountDir(caBundleDir, reloadFn); err != nil {
log.V(0).Error(err, "failed to establish watch on CA bundle certificate directory")
return err
}

return nil
}
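Review bot: watchCABundleCert derives the watched directory with `filepath.Dir(r.defaultDestinationCAPath)` without checking that the path is set, and `filepath.Dir("")` returns `"."`, so an empty path would either put the watch on the process working directory (any change there would then trigger a reload) or make newTemplateRouter fail at startup. Whether the configuration can leave this field empty is not visible in this section, so please confirm; if it can, guard the top of the function with `if r.defaultDestinationCAPath == "" { return nil }`. Separately, a failed `r.reloadRouter(false)` inside `reloadFn` is only logged, which presumably leaves the router running with the previously loaded CA bundle after a rotation. A comment there saying so, e.g. `// on failure the previous CA bundle stays in effect until the next successful reload`, would make that trust-anchor behaviour explicit for operators reading the logs.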
