kubernetes
/
ingress-nginx
mirror of https://github.com/kubernetes/ingress-nginx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ingress-nginx/docs/enhancements/20190724-only-dynamic-ssl.md

1.6 KiB
Raw Blame History

title authors reviewers approvers editor creation-date last-updated status see-also replaces superseded-by
Remove static SSL configuration mode
@aledbf
@ElvinEfendi
@ElvinEfendi
TBD 2019-07-24 2019-07-24 implementable

Remove static SSL configuration mode

Table of Contents

Summary

Since release 0.19.0 is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release 0.24.0 the default enabled mode is dynamic.

Motivation

The static configuration implies reloads, something that affects the majority of the users.

Goals

  • Deprecation of the flag --enable-dynamic-certificates.
  • Cleanup of the codebase.

Non-Goals

  • Features related to certificate authentication are not changed in any way.

Proposal

  • Remove static SSL configuration

Implementation Details/Notes/Constraints

  • Deprecate the flag Move the directives ssl_certificate and ssl_certificate_key from each server block to the http section. These settings are required to avoid NGINX errors in the logs.
  • Remove any action of the flag --enable-dynamic-certificates

Drawbacks

Alternatives

Keep both implementations