kubernetes-sigs / secrets-store-csi-driver

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
https://secrets-store-csi-driver.sigs.k8s.io/
Apache License 2.0

Document auto restart of pods on secret rotation #1647

Open ewan-chalmers opened 2 hours ago

ewan-chalmers commented 2 hours ago

Describe the solution you'd like: When secret auto-rotation is enabled, users of Secrets Store CSI Driver may look for a means to have workload pods automatically restarted when a mounted secret is updated. While restart code is assumed not to be in scope of the driver project, the project could outline a suggested approach.

Anything else you would like to add: I have implemented a Kubernetes controller to optionally restart pods when mounted secrets are updated.

I have a proposed document ready to propose for inclusion in docs/topics. I would like to claim the issue.

Note that Reloader does not cover the case where secrets are mounted in pod volumes.

This follows from discussion on the Slack community: https://kubernetes.slack.com/archives/C013PUP2WRK/p1727349029443369?thread_ts=1724065955.676549&cid=C013PUP2WRK

ewan-chalmers commented 2 hours ago

I would like to claim the issue. I have a doc ready for PR.