Open
Description
I want to avoid restarting the client/server when certificates/trust stores are updated periodically. I see that the certificate provider plugin framework using file_watcher can potentially help me achieve that.
I created the following bootstrap config:
```json
{
  "xds_servers": [
    {
      "server_uri": "127.0.0.1:33333",
      "channel_creds": [
        {
          "type": "insecure"
        }
      ],
      "server_features": [
        "xds_v3"
      ]
    }
  ],
  "node": {
    "id": "grpc-proxyless"
  },
  "certificate_providers": {
    "default": {
      "plugin_name": "file_watcher",
      "config": {
        "certificate_file": "/path/to/server-cert.pem",
        "private_key_file": "/path/to//server-key.pem",
        "ca_certificate_file": "/path/to//ca-cert.pem",
        "refresh_interval": "3600s"
      }
    }
  }
}
```
Since the bootstrap file MUST include an `xds_servers` address, I wonder how this approach makes it a generic alternative to the SDS server/agent based solution and eliminates the dependency on the SDS protocol as claimed here. Any example to demonstrate that will help make it clear.
Also, I do NOT want to use an xDS control plane. But I am trying to find a way to use the file_watcher plugin independent of xDS.
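
An added example, not part of the original issue and not gRPC project code: a small linter for the bootstrap shown above that reports the settings a reviewer would question (plaintext `channel_creds`, and a `refresh_interval` that delays pickup of rotated files). The validation rules (certificate and key set together, at least one of identity or CA, a 600s default interval) are assumptions about how `file_watcher` treats its config, and `max_refresh_s` is a hypothetical policy threshold.

```python
import json
import re

# Constructed sample: the bootstrap from the issue, trimmed to the parts checked here.
SAMPLE_BOOTSTRAP = """
{
  "xds_servers": [{"server_uri": "127.0.0.1:33333",
                   "channel_creds": [{"type": "insecure"}]}],
  "certificate_providers": {
    "default": {
      "plugin_name": "file_watcher",
      "config": {
        "certificate_file": "/path/to/server-cert.pem",
        "private_key_file": "/path/to//server-key.pem",
        "ca_certificate_file": "/path/to//ca-cert.pem",
        "refresh_interval": "3600s"
      }
    }
  }
}
"""

def parse_duration(value):
    """Parse a JSON duration string such as "3600s" or "0.5s" into seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)s", value)
    if m is None:
        raise ValueError(f"bad duration: {value!r}")
    return float(m.group(1))

def lint_bootstrap(text, max_refresh_s=600.0):
    """Return findings for xDS channel creds and file_watcher providers."""
    doc = json.loads(text)
    findings = []
    for server in doc.get("xds_servers", []):
        if any(c.get("type") == "insecure" for c in server.get("channel_creds", [])):
            findings.append(f"xds_servers {server.get('server_uri')}: insecure channel_creds")
    for name, prov in doc.get("certificate_providers", {}).items():
        if prov.get("plugin_name") != "file_watcher":
            continue
        cfg = prov.get("config", {})
        cert, key, ca = (cfg.get(k) for k in
                         ("certificate_file", "private_key_file", "ca_certificate_file"))
        if bool(cert) != bool(key):  # assumed rule: identity cert and key come as a pair
            findings.append(f"{name}: certificate_file and private_key_file must be set together")
        if not (cert or ca):  # assumed rule: a provider needs identity or root material
            findings.append(f"{name}: no identity or CA file configured")
        refresh = parse_duration(cfg.get("refresh_interval", "600s"))  # assumed default
        if refresh > max_refresh_s:
            findings.append(f"{name}: rotated files picked up only after up to {refresh:.0f}s")
    return findings
```
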