stakater / Reloader

A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!

Home Page: https://docs.stakater.com/reloader/


[Feature Request] Support for akv2k8s "AKVS" resources

tspearconquest opened this issue · comments

Greetings,

A thread was started in the akv2k8s.io slack regarding the possibility of detecting changes and restarting pods that leverage a custom resource used by that project.

The custom resource "AzureKeyVaultSecret" (or "AKVS" for short) is associated with a specific Azure Key Vault and Key Vault object to securely retrieve a secret, and a mutating webhook modifies pods on admission to the cluster so that the secret can be injected into the environment of a pod without having to expose the secret to the API server, etcd, or the user.

Additionally, they offer a controller which refreshes normal Kubernetes Secrets when a Key Vault object is updated. Currently, if using the controller service, Reloader will detect these updates and restart a pod that leverages the built-in Kubernetes Secret object, but this doesn't work with the "env-injector" webhook, since that method doesn't leverage the built-in Kubernetes Secrets.

The AKVS resource has a status.lastAzureUpdate field which could be leveraged by Reloader to identify when the keyvault object has been updated and restart the affected pods.