ingress-nginx-helm/docs/enhancements/20190724-only-dynamic-ssl.md

title	authors	reviewers	approvers	editor	creation-date	last-updated	status	see-also	replaces	superseded-by
Remove static SSL configuration mode	@aledbf	@ElvinEfendi	@ElvinEfendi	TBD	2019-07-24	2019-07-24	implementable

Remove static SSL configuration mode

Table of Contents

• Summary
• Motivation
  • Goals
  • Non-Goals
• Proposal
  • Implementation Details/Notes/Constraints
• Drawbacks
• Alternatives

Summary

Since release 0.19.0 is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release 0.24.0 the default enabled mode is dynamic.

Motivation

The static configuration implies reloads, something that affects the majority of the users.

Goals

• Deprecation of the flag --enable-dynamic-certificates.
• Cleanup of the codebase.

Non-Goals

• Features related to certificate authentication are not changed in any way.

Proposal

• Remove static SSL configuration

Implementation Details/Notes/Constraints

• Deprecate the flag Move the directives ssl_certificate and ssl_certificate_key from each server block to the http section. These settings are required to avoid NGINX errors in the logs.
• Remove any action of the flag --enable-dynamic-certificates

Drawbacks

Alternatives

Keep both implementations