Hi All,
We use built-in CA for our service mesh (consul-k8s version 1.20.x)
The consul-webhook-cert-manager creates one secret consul-connect-inject-webhook-cert which has tls.crt and tls.key. This certificate is valid for 24 hours by default.
When a consul-webhook-cert-manager updates its certificate, it triggers an Envoy cluster update because the new certificate needs to be propagated to the Envoy proxy sidecar and thus Envoy configuration to be refreshed.
My question is:
As connections are re-established with updated cert, does it cause any disruption in service to service communication?
Many thanks,
~K