I will. We've been betting Postgres connectivity for a few hundred applications on this over the past three years. If this fucks up, it'll be known without me.

I'm curious what requirement drove you to such arbitrarily small TTL, other than "because we can" dick-measuring geekery.

I applaud you for sticking to your guns though.

At the end of the day, we were worried about exactly these issues - if an application has to reload certs once every 2 years, it will always end up a mess.

And the conventional wisdom for application management and deployments is - if it's painful, do it more. Like this, applications in the container infrastructure are forced to get certificate deployment and reloading right on day 1.

And yes, some older applications that were migrated to the infrastructure went ahead and loaded their credentials and certificates for other dependencies into their database or something like that, and then ended up confused when this didn't work at all. Now it's fixed.