I have succesfully setup Kong Ingress with mTLS for upstream services using env vars:
The certificates are mounted in a Volume and I am using a DBLess kong ingress.
The problem is, when I rotate certificates in the mounted volume configured in the environment variables, I have not found a way to successfully signal Kong to reload certificates.
What I have tried so far is:
- Signaling SIGHUP to nginx master process: Does not work because the kong’s configuration gets lost and routes are emptied.
kubectl exec -n kong ingress-controller-pod -c proxy -- kong reload: It also does not work for the same reason, the configuration get lost and routes no longer work.
How can I do it?
Since I have already develop the infrastructure to rotate certs in the mounted volume using a sidecar container, I would appreciate if you can guide me in achieving it in in that way.