[Feature Request] Support for akv2k8s "AKVS" resources
tspearconquest opened this issue · comments
Greetings,
A thread was started in the akv2k8s.io slack regarding the possibility of detecting changes and restarting pods that leverage a custom resource used by that project.
The custom resource "AzureKeyVaultSecret" (or "AKVS" for short) is associated with a specific Azure Keyvault and Keyvault Object to securely retrieve a secret, and a mutating webhook modifies pods on admission to the cluster so that the secret can be injected into the environment of a pod without having to expose the secret to the API server, etcd, or the user.
Additionally, they offer a controller which refreshes normal kubernetes secrets when a keyvault object is updated. Currently, if using the controller service, Reloader will detect these updates and restart a pod that leverages the builtin kubernetes Secret object, but this doesn't work with the "env-injector" webhook since that method doesn't leverage the builtin kubernetes secrets.
The AKVS resource has a `status.lastAzureUpdate` field which could be leveraged by Reloader to identify when the keyvault object has been updated and restart the affected pods.
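As an added example (not code from the issue author, Reloader or akv2k8s), a small Python model of the detection the request describes: compare `status.lastAzureUpdate` between two observations of the same AKVS object and select the pods that inject it. The `<akvs-name>@azurekeyvault` env value convention used to find referencing pods and all sample objects are assumptions.

```python
from datetime import datetime

# Marker an env-injector pod uses to reference an AKVS resource. Assumed convention
# (hypothetical here): env value "<akvs-name>@azurekeyvault", optionally "?key".
AKV_MARKER = "@azurekeyvault"

def parse_ts(value):
    """Parse the RFC 3339 timestamp carried in status.lastAzureUpdate."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def akvs_updated(old_akvs, new_akvs):
    """True when lastAzureUpdate moved forward between two observations of the
    same AKVS; an AKVS that has not been synced yet (no status) never triggers."""
    old = (old_akvs or {}).get("status", {}).get("lastAzureUpdate")
    new = (new_akvs or {}).get("status", {}).get("lastAzureUpdate")
    if not old or not new:
        return False
    return parse_ts(new) > parse_ts(old)

def akvs_refs_in_pod(pod):
    """Names of AKVS resources referenced by env-injector style env values."""
    refs = set()
    for container in pod["spec"].get("containers", []):
        for env in container.get("env", []):
            value = env.get("value", "")
            if AKV_MARKER in value:
                refs.add(value.split("@")[0])  # drop "@azurekeyvault?key" suffix
    return refs

def pods_to_restart(old_akvs, new_akvs, pods):
    """Pods in the AKVS's own namespace that inject it and need a restart."""
    if not akvs_updated(old_akvs, new_akvs):
        return []
    name = new_akvs["metadata"]["name"]
    namespace = new_akvs["metadata"]["namespace"]
    return [p["metadata"]["name"] for p in pods
            if p["metadata"]["namespace"] == namespace
            and name in akvs_refs_in_pod(p)]

# Constructed sample objects, not real cluster data.
OLD_AKVS = {"metadata": {"name": "db-password", "namespace": "app"},
            "status": {"lastAzureUpdate": "2021-03-01T10:00:00Z"}}
NEW_AKVS = {"metadata": {"name": "db-password", "namespace": "app"},
            "status": {"lastAzureUpdate": "2021-03-02T10:00:00Z"}}
PODS = [
    {"metadata": {"name": "api-1", "namespace": "app"}, "spec": {"containers": [
        {"env": [{"name": "DB_PASSWORD", "value": "db-password@azurekeyvault"}]}]}},
    {"metadata": {"name": "worker-1", "namespace": "app"}, "spec": {"containers": [
        {"env": [{"name": "LOG_LEVEL", "value": "info"}]}]}},
    {"metadata": {"name": "api-1", "namespace": "other"}, "spec": {"containers": [
        {"env": [{"name": "DB_PASSWORD", "value": "db-password@azurekeyvault"}]}]}},
]

if __name__ == "__main__":
    print(pods_to_restart(OLD_AKVS, NEW_AKVS, PODS))  # ['api-1'] (namespace app only)
```

Only the pod in the AKVS's namespace that actually injects `db-password` is selected; an unchanged timestamp or a never-synced AKVS yields no restarts.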