Commit 1d549c0
committed
docs: delineate cert health-gating from re-issuance
Record the boundary between the two cert-failure paths in the gateway
controller, per the decision in #260: keep them separate rather than
unified behind a single failure detector.
Add a short comment at each call site stating the split and why:
- Health-gating (evaluateListenerCertHealth) is read-only and gates on any
unusable cert.
- Fast-track re-issuance (reissueFailedCertificate) mutates and fires only
on cert-manager hard-fail (LastFailureTime); expired or missing certs
recover via renewal or the isNew path instead.
No behavior change; comments only.1 parent 4a1da1e commit 1d549c0
1 file changed
Lines changed: 10 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
276 | 276 | | |
277 | 277 | | |
278 | 278 | | |
| 279 | + | |
| 280 | + | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
279 | 284 | | |
280 | 285 | | |
281 | 286 | | |
| |||
941 | 946 | | |
942 | 947 | | |
943 | 948 | | |
| 949 | + | |
| 950 | + | |
| 951 | + | |
| 952 | + | |
| 953 | + | |
944 | 954 | | |
945 | 955 | | |
946 | 956 | | |
| |||
0 commit comments