Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Propagate TLS certs updates to admin / frontend / matching / history clients #272

Open
dhiaayachi opened this issue Sep 5, 2024 · 2 comments
Open

Propagate TLS certs updates to admin / frontend / matching / history clients #272

dhiaayachi opened this issue Sep 5, 2024 · 2 comments

Comments

@dhiaayachi
Copy link
Owner

Expected Behavior

When TLS certs are updated, properly propagate the cert changes to admin / frontend / matching / history clients

Actual Behavior

Seems that
GetRemoteAdminClient
GetRemoteFrontendClient
both functions will cache created admin / frontend client forever, even after TLS certs are updated
@dhiaayachi
Copy link
Owner Author

Thanks for reporting this issue.

It looks like you've identified a potential issue with the GetRemoteAdminClient and GetRemoteFrontendClient functions caching clients indefinitely, even after TLS certs are updated.

This behavior might lead to unexpected issues if the TLS certs are changed, as the clients might continue using the old, potentially invalid, certificates.

To work around this, you can consider the following:

  1. Manually Refresh Clients: Call the GetRemoteAdminClient and GetRemoteFrontendClient functions again after updating the TLS certs. This will ensure that you're using the latest certificates.
  2. Implement a Refresh Mechanism: Create a mechanism to periodically refresh the clients using a timer or by listening for TLS certificate updates. This could involve periodically calling the GetRemoteAdminClient and GetRemoteFrontendClient functions or using a different approach for managing the client connections.

We are currently investigating this behavior and will update the documentation if a solution is found.

@dhiaayachi
Copy link
Owner Author

Thanks for reporting this.

The GetRemoteAdminClient and GetRemoteFrontendClient functions in client_bean.go currently do cache admin and frontend clients. This means that if TLS certs are updated, the clients will continue to use the old certs until they are recreated.

A workaround for this is to manually recreate the clients after the TLS certs have been updated. You can do this by calling the functions again, or by using a different client library that doesn't cache the clients.

We are aware of this issue and are working on a solution.

For more information on this, see the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dhiaayachi