In Google Kubernetes Engine, it's possible to set up a "Google-managed SSL certificate". Obviously, before a certificate expires, Google needs to get a new one. When Google does this, does it use the same keypair, or does it generate a new keypair?
The reason for this question is that I may need to allow "certificate pinning" against an SSL certificate. This won't work if the keypair changes at every renewal.
