I am trying to configure the metrics endpoint over HTTPS:
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
	Scheme: scheme,
	Metrics: server.Options{
		SecureServing: true,
		BindAddress:   metricsAddr,
		ExtraHandlers: map[string]http.Handler{
			fmt.Sprintf("/%s/metrics", GetNamespace()): metrics.GetCustomMetricsHandlerInstance(),
		},
		FilterProvider: func(c *rest.Config, httpClient *http.Client) (server.Filter, error) {},
		CertDir:        "",
		CertName:       "",
		KeyName:        "",
		TLSOpts:        []func(*tls.Config){},
	},
	// ... other configurations
})
If I don't provide certificates at startup, the server will generate self-signed certs (reference: self-signed cert generation code). My main concern is providing a way to load updated certificates from secrets once they are created. Unfortunately, at startup, I don't have access to secrets.
I'm wondering if there's a way to load certificates later from secrets, perhaps using this function []func(*tls.Config){}, or if there's another recommended approach. Additionally, would I need to reload the HTTPS server in any way?
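Added example (not part of the original post and not controller-runtime's own code): a standard-library sketch of loading certificates later through a `TLSOpts` entry, relying on the fact that `crypto/tls` calls `GetCertificate` on every handshake, so a swapped certificate is served without restarting the listener. `CertStore`, `SetFromPEM`, `TLSOpt` and `selfSignedPEM` are hypothetical names, the certificates are constructed self-signed stand-ins for Secret data, and it is an assumption that the metrics server keeps a `GetCertificate` installed this way.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// CertStore (hypothetical name) holds the serving certificate; swaps are atomic.
type CertStore struct{ cur atomic.Pointer[tls.Certificate] }

// SetFromPEM validates a tls.crt/tls.key pair so a bad update never replaces a good cert.
func (s *CertStore) SetFromPEM(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM)
	if err == nil {
		s.cur.Store(&c)
	}
	return err
}

// GetCertificate runs on every handshake, so a swap needs no server restart.
func (s *CertStore) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return s.cur.Load(), nil // nil before the first load: crypto/tls falls back to cfg.Certificates
}

// TLSOpt has the func(*tls.Config) shape of a TLSOpts entry.
func (s *CertStore) TLSOpt(cfg *tls.Config) { cfg.GetCertificate = s.GetCertificate }

// selfSignedPEM returns a constructed throwaway pair standing in for Secret data.
func selfSignedPEM(name string) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}, NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	key, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key})
}

func main() {
	s, cfg := &CertStore{}, &tls.Config{MinVersion: tls.VersionTLS12}
	s.TLSOpt(cfg)
	fmt.Println(s.SetFromPEM(selfSignedPEM("bootstrap.example"))) // startup placeholder
	fmt.Println(s.SetFromPEM(selfSignedPEM("metrics.example")))   // Secret data arrives later
}
```

In the options shown in the question this would be passed as `TLSOpts: []func(*tls.Config){store.TLSOpt}`, with `SetFromPEM` called by whatever component later reads the Secret.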