Pebble makes use of golang's net/http client for TLS context.
Our charms add CA certs to the workload only on some relation changed.
@michaeldmitry discovered that:
- For log targets, Pebble loads the CA certs when we first create a log target, not when Pebble starts.
- You can't remove log targets once added (unless with a container restart).
Then we'd need to restart Pebble for the TLS context to refresh, but if we do that then we lose the pod (because Pebble is PID 1).
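
The stale-trust behaviour described above can be reproduced with a plain Go `net/http` client. This is an added example, not code from Pebble or from this issue; it assumes a client that builds its root pool once from a CA file, and `newClient`, `staleTrustDemo` and the temporary `ca.pem` are hypothetical names. It uses a loopback `httptest` TLS server as a constructed stand-in for the log target.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// newClient (hypothetical helper, not Pebble code) reads the CA bundle once
// and freezes it into the client's TLS config.
func newClient(caFile string) *http.Client {
	pool := x509.NewCertPool()
	if data, err := os.ReadFile(caFile); err == nil {
		pool.AppendCertsFromPEM(data)
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
}

func get(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err
}

// staleTrustDemo returns the request errors for: the client before the CA is
// written, the same client after it is written, and a client rebuilt afterwards.
func staleTrustDemo() (before, stale, rebuilt error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	dir, _ := os.MkdirTemp("", "ca")
	defer os.RemoveAll(dir)
	caFile := dir + "/ca.pem" // constructed CA bundle path, empty at first
	os.WriteFile(caFile, nil, 0o600)
	old := newClient(caFile) // trust store snapshot taken here
	before = get(old, srv.URL)
	pemCA := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	os.WriteFile(caFile, pemCA, 0o600) // the cert arrives later, as on a relation change
	stale = get(old, srv.URL)          // still fails: the pool is never re-read
	rebuilt = get(newClient(caFile), srv.URL)
	return
}

func main() { fmt.Println(staleTrustDemo()) }
```

Only the rebuilt client succeeds, which is why a CA written to disk after the client exists has no effect until the TLS configuration is constructed again.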