[Autocert] How to make service applications to pick up and reload renewed certificates without restarting

[imageschool]

I have installed 'autocert' through the helm chart, which works very well. (Thank you to the community)

I am then providing these certificates to my other k8s services such as code-server or Elastic Kibana so they can have continuous TLS support. I know that the maximum duration of the certificate is 24h and the renewer is renewing them very well, however, how can I let those services pick up the new certificate instead of the old one?

Unlike some applications that have features to either manually/automatically reload certificates, code-server (Visual Studio code) does not seem to have a reload method. As a result, the only way I can think of right now is to manually restart a pod which is not ideal.

@maraino in my previous issue suggested me to include an inotify-based tool in the docker image to monitor the certificate renewal, then modify code-server code (Node.js) to reload the certificate.

I am not very familiar with the idea, so I would really appreciate your help!

Thanks!

[imageschool]

As an alternative solution, I resolved this issue by increasing the duration to one year in Configmap by following below.

• Possible to set default max lifetime for TLS cert with autocert #425
• Increase the certificate validity to more than 24 hours #401
• https://smallstep.com/docs/step-ca/configuration