Add cert hot reload and cert file locking

Adds file-watching certificate hot reload, cross-replica ACME certificate lock coordination via flock (Unix) and Kubernetes lease objects.
2026-04-20 09:16:40 +00:00 · 2026-02-09 20:17:05 +08:00
parent be5f30225a
commit fd442138e6
14 changed files with 1606 additions and 23 deletions
--- a/proxy/internal/flock/flock_other.go
+++ b/proxy/internal/flock/flock_other.go
@@ -0,0 +1,20 @@
+//go:build !unix
+
+package flock
+
+import (
+	"context"
+	"os"
+)
+
+// Lock is a no-op on non-Unix platforms. Returns (nil, nil) to indicate
+// that no lock was acquired; callers must treat a nil file as "proceed
+// without lock" rather than "lock held by someone else."
+func Lock(_ context.Context, _ string) (*os.File, error) {
+	return nil, nil
+}
+
+// Unlock is a no-op on non-Unix platforms.
+func Unlock(_ *os.File) error {
+	return nil
+}