SSL certificate reload

I want to use HashiCorp Vault to manage Logstash SSL certs on Kubernetes.
I am using the Logstash Helm chart --version 7.10.1.
These pod annotations work as expected:

podAnnotations:
  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/auth-path: "auth/eks"
  vault.hashicorp.com/role: "devweb-app"
  vault.hashicorp.com/agent-inject-secret-ca.crt: ""
  vault.hashicorp.com/agent-inject-template-ca.crt: |
    {{- with secret "pki_int/issue/elk" "common_name=logstash.example.com"  "private_key_format=pkcs8" "ttl=1h" -}}
    {{ .Data.issuing_ca }}
    {{- end }}

  vault.hashicorp.com/agent-inject-secret-server.key: ""
  vault.hashicorp.com/agent-inject-template-server.key: |
    {{- with secret "pki_int/issue/elk" "common_name=logstash.example.com" "private_key_format=pkcs8" "ttl=1h" -}}
    {{ .Data.private_key }}
    {{- end }}

  vault.hashicorp.com/agent-inject-secret-server.crt: ""
  vault.hashicorp.com/agent-inject-template-server.crt: |
    {{- with secret "pki_int/issue/elk" "common_name=logstash.example.com"  "private_key_format=pkcs8" "ttl=1h" -}}
    {{ .Data.certificate }}
    {{- end }}

The problem is that when the Logstash container gets new certs, there is no way to tell Logstash to use the new certs. I have tried the documented ways to reload configs: https://www.elastic.co/guide/en/logstash/current/reloading-config.html
but these apply only to config; the new SSL certs are not being used.

Is there some way to make Logstash aware of SSL cert rotation?
