Crowdsec on k3s w/ Traefik x509 certificate expiration with https enabled

Hey there,

Looking for some advice on how to handle this issue I keep running into.

I am running Crowdsec on k3s with Traefik. Crowdsec is running in https mode using x509 certs that it creates using its ca-issuer.

The certificate will last for 90 days. At the end of the 90 days, the certificate will expire and the bouncer will now get 403 unauthorized errors and basically break all ingress going through Traefik. I’ve not found a way to rotate this certificate. When I inspect it inside the cluster, it’s still showing as an active and healthy certificate.

Anyone seen this issue before or know how to deal with it? It’s driving me crazy.

It is most likely that the certificate is being renewed, but the bouncer only reads the certificate at startup, so it doesn't know to re-read and load the new cert.

Edit: our k8s person has linked me stakater/Reloader (a Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig), which could be a solution, but this adds extra items when we could just do it within the bouncer lib :person_shrugging:

This is exactly what’s happening, thanks for pointing me in the right direction. I’m curious if you’ve come across this and how you remediate?