Feature #65470
openBeast lacks ssl_short_trust option to reload ssl certificate without restart
0%
Description
Previously civetweb rgw had an option (ssl_short_trust) to automatically reload certs, for instance when they are short-lived and rotated frequently:
https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md#ssl_short_trust-no
When SSL was added to Beast this option was overlooked: https://tracker.ceph.com/issues/22832
This regression(?) is mentioned in the discussion here:
https://github.com/ceph/ceph/pull/20464#issuecomment-464867120
We are testing SSL with RGW using Rook in Kubernetes, and everything seems to work fine other than the certificate expiry, since it is being renewed by Cert-Manager fairly often. The certificate file on disk is updated, radosgw just needs a way to re-read it.
Restarting the rgw is an option but seems a bit heavy-handed and would require some more integration with Kubernetes to gracefully roll the deployment (and/or managed by Rook Operator)
No data to display