Kea should continue to operate even when connection to config-db is lost
Currently Kea considers it to be a critical failure when the connection to the configuration backend is lost. This introduces an additional critical operational risk.
It would be better if Kea cached the last known good configuration and could continue operating (renewing and new leases) with that configuration, while attempting to reconnect periodically. How this last known good configuration is stored locally and whether it persists through a reload is a design question, but the goal is to make the Kea server more resilient, and to prioritize continued service availability above the ability to control the configuration from the configuration backend.
Obviously we would want to ensure that the disconnect with the config backend is logged appropriately, with an alarm if possible. I would think this ability to survive an interruption in communication with the config backend would be appropriate default behavior, but this is TBD.