Hello,
I have successfully set up Kong Ingress with mTLS for upstream services using env vars:
KONG_NGINX_PROXY_PROXY_SSL_CERTIFICATE="/path/to/client_cert.pem"
KONG_NGINX_PROXY_PROXY_SSL_CERTIFICATE_KEY="/path/to/key.pem"
as specified here: Using mTLS with Kong - v1.1.x | Kong - Open-Source API Management and Microservice Management
The certificates are mounted in a Volume and I am using a DBLess kong ingress.
The problem is, when I rotate certificates in the mounted volume configured in the environment variables, I have not found a way to successfully signal Kong to reload certificates.
What I have tried so far is:
- Signaling SIGHUP to the nginx master process: Does not work because Kong's configuration gets lost and routes are emptied.
- Kong reload with kubectl exec -n kong ingress-controller-pod -c proxy -- kong reload: It also does not work for the same reason, the configuration gets lost and routes no longer work.
How can I do it?
Since I have already developed the infrastructure to rotate certs in the mounted volume using a sidecar container, I would appreciate it if you could guide me in achieving it in that way.
Thanks!