Getting Envoy to pick up rotated certificates
Like many people, I use cert-manager to automatically renew my website’s TLS certificates with Let’s Encrypt. Unlike many people, I don’t use an Ingress controller to get traffic into my cluster, I just have a few instances of Envoy that terminate TLS and route traffic to the appropriate backend. Cert-manager handles the mechanics of certificate renewal very efficiently; it runs a controller loop that checks all my Certificate objects for expiration, and when a certificate is close to expiring, it goes out and renews it.