Installs of educates configure contour with TLS configured between contour and envoy. When a cluster reaches over 1 year old and the network connectivity internally between contour/envoy stops working due to expired certs.
However there is no cert updating/rotation done for this. There is cert-manager that handles the external certificate for ingress, but not for the internal certs.
There is a certgen job that is run as part of initial installation of the cluster. If a CronJob was created to run the job ever month or couple of months this should fix the problem.
Installs of educates configure contour with TLS configured between contour and envoy. When a cluster reaches over 1 year old and the network connectivity internally between contour/envoy stops working due to expired certs.
However there is no cert updating/rotation done for this. There is cert-manager that handles the external certificate for ingress, but not for the internal certs.
There is a certgen job that is run as part of initial installation of the cluster. If a CronJob was created to run the job ever month or couple of months this should fix the problem.