kubernetes-sigs / secrets-store-csi-driver

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
https://secrets-store-csi-driver.sigs.k8s.io/
Apache License 2.0
1.28k stars, 296 forks

Document auto restart of pods on secret rotation #1647

Open ewan-chalmers opened 1 month ago

ewan-chalmers commented 1 month ago

Describe the solution you'd like

When secret auto-rotation is enabled, users of Secrets Store CSI Driver may look for a means to have workload pods automatically restarted when a mounted secret is updated. While restart code is assumed not to be in scope of the driver project, the project could outline a suggested approach.

Anything else you would like to add:

I have implemented a Kubernetes controller to optionally restart pods when mounted secrets are updated.

I have a document ready to propose for inclusion in docs/topics.

Note that Reloader does not cover the case where secrets are mounted in pod volumes.

This follows from discussion on the Slack community: https://kubernetes.slack.com/archives/C013PUP2WRK/p1727349029443369?thread_ts=1724065955.676549&cid=C013PUP2WRK

Environment:

ewan-chalmers commented 1 month ago

I would like to claim the issue. I have a doc ready for PR.

enj commented 1 month ago

(just for PR review purposes)

/assign aramase nilekhc

ewan-chalmers commented 3 weeks ago

@aramase @nilekhc is there something more I could do to move this forward?