Skip to content

Wrap Listener to also return dynamiclistener config #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Wrap Listener to also return dynamiclistener config #184

wants to merge 4 commits into from

Conversation

vitorsavian
Copy link
Member

@vitorsavian vitorsavian commented Jul 3, 2025
edited
Loading

Proposed Changes

  • Use a wrapper for easy access to the listener config

Why

  • K3s need to regenerate leaf certs with hot reload without the need for restart
  • the main idea is to also return the config that was used for creating the listener, since the best way to regenerate/reload the dynamic listener cert on demand is to use the listener that was created in NewListenerWithChain initial setup.

@vitorsavian vitorsavian changed the title Wrap Listener to also return dynamiclistener config [WIP] Wrap Listener to also return dynamiclistener config Jul 3, 2025
@vitorsavian vitorsavian changed the title [WIP] Wrap Listener to also return dynamiclistener config Wrap Listener to also return dynamiclistener config Jul 3, 2025
@vitorsavian vitorsavian marked this pull request as ready for review July 3, 2025 19:11
@vitorsavian vitorsavian requested review from brandond and a team July 3, 2025 19:28
brandond
brandond requested changes Jul 3, 2025
View reviewed changes
Copy link
Member

@brandond brandond left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple nits.

How do you envision this being called from the K3s side? You're just planning on calling listener.RegenerateCerts directly from K3s?

If you add the ability to do that directly, you might as well remove the RegenerateCerts callback that can be set in the config, but is only called once from NewListenerWithChain

dynamiclistener/listener.go

Line 146 in 8fd666b

RegenerateCerts func() bool

dynamiclistener/listener.go

Lines 88 to 91 in 8fd666b

if config.RegenerateCerts != nil && config.RegenerateCerts() {
if err := dynamicListener.regenerateCerts(); err != nil {
return nil, nil, err
}

@vitorsavian
Address feedback
6801649 
Signed-off-by: Vitor Savian <[email protected]>
@vitorsavian vitorsavian requested a review from brandond July 7, 2025 16:05
brandond
brandond reviewed Jul 7, 2025
View reviewed changes
@vitorsavian vitorsavian requested a review from brandond July 7, 2025 18:27
@brandond
Copy link
Member

brandond commented Jul 7, 2025

Any plans to address the duplication of function with the existing RegenerateCerts callback? I think we should just get rid of it since K3s is the only user that I am aware of, and this would replace that.

@vitorsavian
Copy link
Member Author

I thought we would have another user that used dynamic listener, but since we are the only users, I will remove that.

@brandond
Copy link
Member

brandond commented Jul 7, 2025

We are actually the only users of NewListener/NewListenerWithChain - other rancher projects all just use server.ListenAndServe

@brandond
Copy link
Member

brandond commented Sep 8, 2025

@vitorsavian do we still need this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandond brandond Awaiting requested review from brandond

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vitorsavian @brandond