stakater / Reloader

A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!

Home Page: https://docs.stakater.com/reloader/

[Feature Suggestion] Support for watching secretproviderclasspodstatuses in addition to secrets and configmaps (CSI driver)

dpkano opened this issue

Hi,

Now that many projects are choosing to use CSI drivers to deliver their secrets into their workloads directly (as a file in the fs), a secret rotation does not involve K8s secrets. Whenever a new version of a secret is delivered via CSI driver, the object secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io is updated with version information.

If Reloader watched these objects, we could still do a rolling upgrade of our workloads using Reloader when migrating to using CSI driver delivered secrets.

Would this community be interested in such a feature?

Cheers,
Daniel

Agree, will be great to have this feature.

Hi @dpkano, are you guys working on implementing this? Is there any help needed or something that can be worked on together? Having CSI support would be an immense help for all software that doesn't live check files for changes.

Hi @UXabre, I've had a quick peek at the changes we need using Reloader. But, I think a simpler approach could be to use the Informer from the secretproviderclasspodstatuses to trigger a rolling upgrade for the controller (deployment, statefulset, daemonset, and more). This could be a neat short-term fix. If it pans out, I'll drop it on GitHub.
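
The rotation check discussed in this thread, as an added example that is not code from the thread or from the Reloader project: it compares the object versions recorded in two snapshots of a secretproviderclasspodstatuses object and decides whether a rolling upgrade is warranted. The `Status` struct is a trimmed stand-in for the object's `.status`, `NeedsRollout` and `VersionHash` are hypothetical helpers, and skipping the initial mount is an assumption made here to avoid restarting a pod that has only just started.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Object and Status mirror the rotation-relevant fields of a
// SecretProviderClassPodStatus .status (trimmed for this example).
type Object struct{ ID, Version string }

type Status struct {
	PodName string
	Mounted bool
	Objects []Object
}

// VersionHash returns a digest of the id/version pairs that does not depend
// on the order in which the driver lists the objects.
func VersionHash(s Status) string {
	pairs := make([]string, 0, len(s.Objects))
	for _, o := range s.Objects {
		pairs = append(pairs, o.ID+"="+o.Version)
	}
	sort.Strings(pairs)
	sum := sha256.Sum256([]byte(strings.Join(pairs, "\n")))
	return hex.EncodeToString(sum[:])
}

// NeedsRollout is the decision an informer update handler would make
// (hypothetical helper). Assumption: a first mount or an unmount is not a
// rotation, so only a change between two mounted states counts.
func NeedsRollout(oldS, newS Status) bool {
	if !oldS.Mounted || !newS.Mounted || len(oldS.Objects) == 0 {
		return false
	}
	return VersionHash(oldS) != VersionHash(newS)
}

func main() {
	// Constructed sample snapshots, not taken from a real cluster.
	before := Status{"web-0", true, []Object{{"secret/db", "1"}, {"secret/api", "7"}}}
	after := Status{"web-0", true, []Object{{"secret/api", "7"}, {"secret/db", "2"}}}
	fmt.Println("rollout needed:", NeedsRollout(before, after))
}
```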