63 lines
1.6 KiB
Markdown
63 lines
1.6 KiB
Markdown
---
|
|
title: Remove static SSL configuration mode
|
|
authors:
|
|
- "@aledbf"
|
|
reviewers:
|
|
- "@ElvinEfendi"
|
|
approvers:
|
|
- "@ElvinEfendi"
|
|
editor: TBD
|
|
creation-date: 2019-07-24
|
|
last-updated: 2019-07-24
|
|
status: implementable
|
|
see-also:
|
|
replaces:
|
|
superseded-by:
|
|
---
|
|
|
|
# Remove static SSL configuration mode
|
|
|
|
## Table of Contents
|
|
|
|
<!-- toc -->
|
|
- [Summary](#summary)
|
|
- [Motivation](#motivation)
|
|
- [Goals](#goals)
|
|
- [Non-Goals](#non-goals)
|
|
- [Proposal](#proposal)
|
|
- [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints)
|
|
- [Drawbacks](#drawbacks)
|
|
- [Alternatives](#alternatives)
|
|
<!-- /toc -->
|
|
|
|
## Summary
|
|
|
|
Since release [0.19.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0) is possible to configure SSL certificates without the need of NGINX reloads (thanks to lua) and after release [0.24.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.24.0) the default enabled mode is dynamic.
|
|
|
|
## Motivation
|
|
|
|
The static configuration implies reloads, something that affects the majority of the users.
|
|
|
|
### Goals
|
|
|
|
- Deprecation of the flag `--enable-dynamic-certificates`.
|
|
- Cleanup of the codebase.
|
|
|
|
### Non-Goals
|
|
|
|
- Features related to certificate authentication are not changed in any way.
|
|
|
|
## Proposal
|
|
|
|
- Remove static SSL configuration
|
|
|
|
### Implementation Details/Notes/Constraints
|
|
|
|
- Deprecate the flag Move the directives `ssl_certificate` and `ssl_certificate_key` from each server block to the `http` section. These settings are required to avoid NGINX errors in the logs.
|
|
- Remove any action of the flag `--enable-dynamic-certificates`
|
|
|
|
## Drawbacks
|
|
|
|
## Alternatives
|
|
|
|
Keep both implementations
|