Upgrading mTLS root certificate


We are testing the process of upgrading the root certificate used for mTLS so that we understand the process. One thing we have noticed is that when the root certificate is changed the sidecars don’t automatically get a new certificate, this results in a state where new pods, with the new certificate, can’t communicate with old pods until they are restarted.

I was hoping that all the running sidecars would automatically detect the new certificate and update themselves, does this functionality exist?