Simplistic stunnel image for securing containerized workloads.

When using a service that manages the rotation of mounted certificates, stunnel will need to be hup'd to re-read the files. Until kubernetes adds native support for signaling, the entrypoint includes a workaround based on inotify.

To monitor certificates for changes, set environment variables accordingly:

env:
  - name: "INOTIFYWAIT_ENABLED"
    value: "1"
  - name: "INOTIFYWAIT_FILES"
    value: >-
      /etc/stunnel/tls.d/service1/tls.crt
      /etc/stunnel/tls.d/service2/tls.crt