Certificate Management
Envoy provides several mechanisms for cert management. At a high level they can be broken into
Static CommonTlsContext referenced certificates. These will not reload automatically, and requires either a restart of the proxy or reloading the clusters/listeners that reference them. Hot restarting can be used here to pick up the new certificates without dropping traffic.
Secret Discovery Service referenced certificates. By using SDS, certificates can either be referenced as files (reloading the certs when the parent directory is moved) or through an external SDS server that can push new certificates.
当前内容版权归 Envoy Proxy 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 Envoy Proxy .