Dynamic SSL Certificate Storage in HAProxy

[fatchan]

Hi, when I add or remove an SSL certificate from HAProxy with dataplaneapi, it seems a reload is required for the changes to take effect.

However, Haproxy 2.1 and 2.2, apparently SSL certificates can be updated and added/removed without requiring a reload:
https://www.haproxy.com/blog/dynamic-ssl-certificate-storage-in-haproxy
https://www.haproxy.com/blog/announcing-haproxy-2-2#dynamic-ssl-certificate-storage

Is it possible for this to be supported in dataplaneapi?

Edit: In the meantime, I have monkey-patched my forks of dataplaneapi and client-native to issue the necessary ssl cert and ssl crt-list commands during storage create and storage delete of ssl certificates. Then, I always set skip_reload=true or force_reload=false. This allows me to add/remove the certificates without a reload.

[mjuraga]

Hi @fatchan we are working on the big rework of our certificate storage, so we can take full advantage of runtime storage of HAProxy in the future, so it will be a feature in the next release.

[mjuraga]

Hi @fatchan, we recently commited a big change supporting all dynamic ssl certificate storage actions on the Runtime API trough Data Plane API, and we will be fully utilizing this from 3.2. We will have the same storage endpoints and they will store certs on the disk and do the action (create, edit, delete) trough the runtime API and avoid reloads in that case. In addition to that we added runtime endpoints that won't deal with storage or disk writing but write directly trough the Runtime API.