[crowdsec] TLS agent limitation on cert expiry #2810

@LaurenceJJones

What would you like to be added?

When using TLS authentication for "agents", there is a limitation that has been found with the way that we load the certificates: since we load the certs at startup time, if the cert expires whilst the "agent" is running, it will hit an infinite authentication failure "wall".

We need the "agent" to be smarter and self-heal. For example, within k8s, cert manager will automatically renew the certificate over the existing cert; however, the "agent" will try infinitely to reauthenticate without reloading the certificates.

The current workaround is killing the existing pods so that startup happens again; however, this is not an ideal solution when using short-lived certs.

/kind enhancement

Why is this needed?

"Agents" can be smarter about how to deal with a 401 response from LAPI when using certificate authentication.
